Latest Veracode cloud-based code verification tool unveiled


Cliff Saran

Veracode, a company which specialises in tracking bugs in applications, has unveiled the latest version of its Securetest service, which offers developers cloud-based code verification.

Jon Stevenson, senior vice-president for engineering at Veracode, said, "We accept binary files. We analyse the binaries to find vulnerabilities." The tests are run over 24 hours, after which Veracode sends a report of the vulnerabilities to the developer.

Stevenson said the report identifies modules and even the offending line of source code. The company claims results are often 100% lower in false positives than alternative on-premise source code tools.

The service supports programming languages and development environments including C++, Java, .NET, PHP and ColdFusion.

In his most recent blog posting, Veracode chief executive Matt Moynahan wrote that fixing software vulnerabilities is often easier than fixing a functional problem with an application.

"Fixing security vulnerabilities can be faster and more cost-effective than fixing a functional bug. Fixing functional bugs often requires detailed diagnosis of the customer environment, configuration settings, other software interacting with it, etc. Changing the size of a buffer or closing a parameter is much simpler - if you can find the vulnerability and provide remediation advice on how to fix it."

Veracode bases its code analysis on the Common Weakness Enumeration, a taxonomy developed by Mitre, a not-for-profit organisation which develops IT and systems standards. It also works with the SANS Institute, which classifies vulnerabilities and conducts its own research.

Veracode also conducts its own research, funded by In-Q-Tel, the venture arm of the CIA.
