
Verafied Mark Indicates Independent Software Security Verification

Veracode : 30 July, 2010  (Company News)
Veracode has introduced its Verafied mark of approval, awarded to software vendors whose applications have been tested against the 25 most dangerous software errors in the industry.

Veracode has unveiled the new Verafied High Assurance mark of software application security for the CWE/SANS Top 25 Most Dangerous Software Errors. This prominent industry "seal of approval" indicates to a software provider's customers and partners that an application has been independently assessed and that the testing did not detect exploitable software weaknesses identified in the list of the Top 25 Most Dangerous Software Errors as defined by the MITRE Common Weakness Enumeration (CWE) project, which is sponsored by the US Federal Government. The independent high assurance assessment is performed with SecurityReview, Veracode's patented cloud-based automated security verification service, and complemented by manual penetration testing to identify flaws in business logic and design.

Software providers whose applications earn the Verafied mark may display it as an indicator to customers of their successful efforts to eliminate known, dangerous vulnerabilities. Additionally, the application may be identified with a Verafied High Assurance mark in Veracode's Verafied Software Directory. CIOs, CISOs and others who acquire software may also use the mark as a threshold for security quality delivered by commercial, outsourced or open source suppliers.

"Among the most important things that can be done to improve software security is for buyers of software to require evidence of an acceptable minimum level of security that is able to be substantiated by a credible independent source," said Joe Jarzombek, director for software assurance, National Cyber Security Division, Department of Homeland Security. "We support qualification and test activities that enable consumers of software and procurement groups to make better informed decisions based on a standard benchmark of software security. We applaud industry-led efforts that make use of our US Federal Government-sponsored CWE to unambiguously make statements about mitigating software security risk exposures."

To earn the Verafied High Assurance mark for the CWE/SANS Top 25 Most Dangerous Software Errors, software providers submit their final integrated application, as binary or bytecode, to Veracode SecurityReview for assessment. The application is analyzed by Veracode's patented cloud-based automated security verification service and then subjected to additional manual penetration testing by Veracode or its partners. The provider then remediates any vulnerabilities of medium severity or higher, as defined by FIRST's CVSS vulnerability scoring system, and any identified vulnerabilities that are errors included in the Top 25 Most Dangerous Software Errors list compiled by MITRE, SANS and a consortium of other organizations. Following that remediation, the application is resubmitted to Veracode for complete security regression testing and verification. Given the ad hoc approach to security testing taken by most organizations today, this consistent and repeatable framework and process enables software suppliers to differentiate applications that are Verafied for CWE/SANS Top 25 compliance and to display the mark that demonstrates they have applied diligent efforts to find and remediate all known dangerous vulnerabilities.

"It is well established that the software supply chain poses a significant amount of unknown risk to every enterprise's reputation and business continuity," said Matt Moynahan, CEO of Veracode. "By displaying the Verafied mark for CWE/SANS Top 25 to indicate their developers' vigorous efforts to eliminate dangerous software errors, commercial software providers, open source projects and outsourced software suppliers can differentiate themselves as good partners in the effort to reduce application-related risk."
   © 2012 ProSecurityZone.com