Application security company Veracode was acquired last year by CA Technologies and became a business unit within CA. Now, the company has released CA Veracode Verified, a new program that provides third-party validation of a company’s security software and DevOps process.
CA Veracode conducted research regarding application security with International Data Group (IDG) to identify the top security concerns of companies. It found that 84 percent of software buyers include security requirements in new vendor contracts. Ninety-four percent of those surveyed for the report said that “their confidence in a vendor whose application security has been validated by an established independent security expert would increase.” Additionally, 99 percent of respondents saw multiple advantages to working with certified security vendors.
The CA Veracode Verified program is intended to supply exactly this kind of independent validation. DevOps teams at security vendors, or at any company with a security program, can use the program to build a mature application security program.
The IDG research also showed that 98 percent of the organizations surveyed evaluate application security each year, but that 99 percent also run into roadblocks when evaluating the security of software and applications that they don’t develop in-house.
One way the Verified program addresses these concerns is by ensuring that third-party software meets defined standards for application security. It focuses on the secure coding process to attest that the third-party vendor has implemented secure practices at the development level.
Seventy percent of respondents in the survey placed high importance on certifying that application and software code is free of security problems. Respondents also want that verification to include integrated continuous scanning, so that vulnerabilities are detected throughout the development process rather than only at release.
Other security features important to the companies surveyed were application security testing capabilities, remediation time, credible third-party application security tools, experience with similar security requirements, ability to scan and remediate open source vulnerabilities, and independent testing.