SOURCE: Veracode

September 21, 2009 13:00 ET

Have You VerAfied™ Your Software?

Veracode Introduces VerAfied™ Mark of Software Security and FREE First Time Rating for Independent Software Vendors (ISVs)

BURLINGTON, MA--(Marketwire - September 21, 2009) - Veracode Inc., provider of the world's leading cloud-based application risk management services platform, today announced it has expanded its independent software ratings with the introduction of the VerAfied™ software security mark enabling software providers to demonstrate and market the security of their software products as a competitive differentiator. Veracode also announced that it will work with ISVs free of charge to achieve the VerAfied mark to demonstrate the ease with which they can improve the security quality of software.

"Many in the Federal Government have advocated the need for independent and transparent vetting of the security attributes of software," said Joe Jarzombek, Director for Software Assurance, in the National Cyber Security Division of the Department of Homeland Security. "The independent determination of security quality attributes is important to Federal agencies given the need to mitigate security risks across the software supply chain. Software suppliers should assert claims about the security of their products, backed by evidence from the use of qualified static analysis of the code."

The VerAfied security mark is a quality indicator for the security level of applications and software components. Achievement of the VerAfied mark independently validates the software provider's commitment to improving software security. Software providers who have earned the VerAfied mark to date include HID Global, LiveLOOK, Medmatics, Mimecast, OpenVPN, and Sendmail among others. Veracode's ratings are independent, completely transparent and based on industry accepted standards for software assessment from NIST, CWE and CVSS against vulnerability benchmarks such as the OWASP Top 10 and CWE-SANS Top 25.

"Insecure and poorly configured software has led to a number of the high-profile data breaches in recent headlines," said Diana Kelley, principal analyst, SecurityCurve. "The ability for ISVs to have their software independently rated allows enterprises to manage risk by determining whether or not the software meets their evolving requirements before or even after purchasing and deploying."

To complement the new VerAfied and free initial rating announcements, Veracode introduced special introductory pricing for independent software vendors (ISVs), also known as commercial off-the-shelf software (COTS) providers. For $2,500 Veracode is offering a one year unlimited subscription to its SecurityReview application risk management services platform enabling them to build security into their development processes. Additional developer education, advisory, and testing services are also available.

"Enterprises and government agencies are demanding independent proof that the software they are purchasing is secure," said Matt Moynahan, CEO, Veracode. "Before Veracode, it was impossible to easily and cost-effectively demonstrate compliance with this requirement with traditional on-premise tools. By creating the VerAfied mark and removing the cost and adoption barriers of on-premise tools, Veracode is driving to make it unbelievably simple and affordable for ISVs to ship secure products and differentiate their company in a competitive market environment. It's an unmatchable value and demonstrates Veracode's commitment to a more secure world of software."

Software providers can request their free first time rating at:

Veracode will be hosting a webinar event, "5 Reasons Why ISVs Should Get VerAfied" on Wednesday, September 30th at 1pm ET. Register for the webinar event at:

About Veracode

Veracode provides the world's leading Application Risk Management Platform. Veracode SecurityReview's patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Customers include the world's largest and most security aware organizations in every industry. Recognized as a Gartner "Cool Vendor" and with The Wall Street Journal's "Technology Innovation Award," The Banker's "Information Security Project of the Year" with Barclays, SC Magazine's "Best Vulnerability Assessment Solution," Information Security "Readers' Choice Award," and AlwaysOn Northeast's "Top 100 Private Company," Veracode is Software Security Simplified™. For more information, visit

Contact Information