
22 April 2008

Veracode launches on-demand code verification service

Steve Gold, reporting from Infosecurity Europe 2008
 
Veracode launched an on-demand program code audit and verification service at the Infosecurity Europe show.

Matt Moynahan, Veracode's CEO, told Infosecurity Magazine that the technology behind the Internet-delivered service was spun out of Symantec and allows IT departments to upload their own in-house developed program code, as well as program code from third-party vendors, for auditing, security checking and verification.

"It's an on-demand service. Companies upload the code securely via the Internet, after which it gets checked using our automated systems, as well as our own IT staff, and the report on the code is sent back to the client, usually within a day," he said.

Moynahan said that, unlike source code analysis, the new Veracode facility - which is unique in the marketplace - looks at the entire binary code of the programs, and what the code does.

"It creates a simulation of what happens when the code is executed on the client's systems. It's an automated code review. Our technology staff then look at all possibilities and scenarios with the application, what can happen and what might happen, and report back with their findings," he explained.

According to Moynahan, traditional source code auditing only gives IT security and audit staff a basic view of what the program does, usually by simple executable analysis and pattern matching.

"What our new service does is to automate the process, as well as document all the flaws and vulnerabilities, and get back to the client with our findings within a day," he said.

Trial customers of the technology have included Barclays Bank. As part of the service, Moynahan said, Veracode is giving each set of code it analyses a security quality score.

Over time, he said, the plan is to establish the score as a benchmark for vendor and client-developed software that Veracode analyses.

"We are hoping that it will become an audit and security quality certification mark for the software industry," he said.
