Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Start-up Veracode offers code security evaluation online

By Ellen Messmer , Network World , 01/16/2007

Start-up Veracode next month will begin offering a software code evaluation service online that will allow businesses to upload their code for a security review and receive it back with suggested corrections the next day.

Veracode, a spin-out from Symantec, which holds an equity position in return for the technology the firm uses, plans to offer an on-demand service called SecurityReview, for which official pricing has not been announced. Matt Moynahan, co-founder and CEO, says the goal is provide an analysis of submitted code at the binary level to point out flaws, preferably before they end up in working applications. Firms competing against Veracode include Fortify.

“This service is about application security, whether Web-based or back office,” Moynahan says. “Our binary code analysis engine looks at software whether it’s developed internally, through outsourcing, or independent software vendors.”

The new service is based on an older tool known as the Smart Risk Analyzer developed by Veracode’s chief scientist Christien Rioux, formerly with the security firm @Stake, which was acquired by Symantec more than two years ago.

Veracode has decided not to license its code-evaluation tools for use directly by business and government. One reason, Moynahan says, is the training issue. “A tool itself doesn’t solve the problem, there are the people and the cultural issues,” he says.

Consequently, the challenge for Veracode may be gaining the confidence of customers to submit software code online at the Veracode portal. But Moynahan, who expects Veracode to begin offering the service early next month, said the convenience of the automated binary-code security review and quick turnaround will hold appeal for many organizations wanting an independent security review of their applications.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.