Start-up Veracode next month will begin offering a software code evaluation service online that will allow businesses to upload their code for a security review and receive it back with suggested corrections the next day.
Veracode, a spin-out from Symantec, which holds an equity position in return for the technology the firm uses, plans to offer an on-demand service called SecurityReview, for which official pricing has not been announced. Matt Moynahan, co-founder and CEO, says the goal is to provide an analysis of submitted code at the binary level to point out flaws, preferably before they end up in working applications. Firms competing against Veracode include Fortify.
“This service is about application security, whether Web-based or back office,” Moynahan says. “Our binary code analysis engine looks at software whether it’s developed internally, through outsourcing, or independent software vendors.”
The new service is based on an older tool known as the Smart Risk Analyzer developed by Veracode’s chief scientist Christien Rioux, formerly with the security firm @Stake, which was acquired by Symantec more than two years ago.
Veracode has decided not to license its code-evaluation tools for use directly by business and government. One reason, Moynahan says, is the training issue. “A tool itself doesn’t solve the problem, there are the people and the cultural issues,” he says.
Consequently, the challenge for Veracode may be gaining the confidence of customers to submit software code online at the Veracode portal. But Moynahan, who expects Veracode to begin offering the service early next month, said the convenience of the automated binary-code security review and quick turnaround will hold appeal for many organizations wanting an independent security review of their applications.