Latest Veracode cloud-based code verification tool unveiled

Veracode, a company which specialises in tracking bugs in applications, has unveiled the latest version of its Securetest service, which offers developers cloud-based code verification.

Veracode, a company which specialises in tracking bugs in applications, has unveiled the latest version of its Securetest service, which offers developers cloud-based code verification.

Jon Stevenson, senior vice-president for engineering at Veracode, said, "We accept binary files. We analyse the binaries to find vulnerabilities." T

he tests are run over 24 hours, after which Veracode sends a report of the vulnerabilities to the developer.

Stevenson said the report identifies modules and even the offending line of source code. The company claims results are often 100% lower in false positives than alternative on-premise source code tools.

The service supports programming languages and development environments including, C++. Java, .net, PHP and Cold Fusion.

In his most recent blog posting, Veracode chief executive Matt Moynahan wrote that fixing software vulnerabilities is often easier than fixing a functional problem with an application.

"Fixing security vulnerabilities can be faster and more cost-effective than fixing a functional bug. Fixing functional bugs often requires detailed diagnosis of the customer environment, configuration settings, other software interacting with it, etc. Changing the size of a buffer or closing a parameter is much simpler - if you can find the vulnerability and provide remediation advice on how to fix it"

Veracode bases its code analysis on common weaknss enumeration, a taxonomy developed by Mitre, a not-for-profit organisation which developes IT and systems standards. It also works with Sans Institute, which classifies vulnerabilities and conducts its own research

Veracode also conducts its own research, funded by InQTel, the venture arm of the CIA.

Read more on Antivirus, firewall and IDS products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close