BURLINGTON, Mass. -- Veracode Inc., provider of the industry's first on-demand application security review solutions, today announces that it has released the industry's first standards-based ratings service for determining security levels in software. The Veracode Software Security Ratings Service™ provides a pragmatic way for enterprises and ISVs to measure, compare and improve application security levels.
Veracode's Software Security Ratings Service is used to assess and identify the severity and exploitability of software flaws. By producing a software security rating, enterprises now are able to gain insight into the security quality of software similar to that provided by Moody's®, Standard and Poor's® or Consumer Reports® for other products.
Today's software industry is one of the largest in the world, with annual revenues of over $350 billion*, yet there is no standard way to measure software security. The operational risk and burden on enterprises and consumers from insecure software have been steadily growing due to increasing vulnerability disclosures, associated product patches, data breaches leading to massive identity theft and, more recently, fluctuations in corporate stock prices.
Until now, independent software ratings have not been possible due to the sensitivity associated with releasing source code for independent evaluation and the fact that existing evaluation tools are not able to assess 100% of the application code, a prerequisite for an accurate security assessment.
Veracode's innovation with binary security analysis, coupled with its on-demand service model that integrates multiple testing techniques, makes this rating service possible.
"Our breakthrough binary analysis makes it possible for Veracode to assist the software community to raise the level of software security," said Matt Moynahan, president and CEO of Veracode. "Our objective is to drive innovation that makes it easy and cost effective for enterprises and ISVs alike to independently determine whether the software they are buying or selling is secure and demonstrate that they take software security seriously."