Veracode, a provider of application risk management solutions, last week launched SecurityInsights, a service for instantly comparing software quality against aggregated security benchmarks.
With a click of the “Compare Me” button, the intelligence service checks the software against the billions of lines of code in Veracode’s repository, all of which have been submitted to Veracode for static, dynamic or manual testing. A user’s software portfolio can be compared against applications in the same industry, applications written in the same programming languages (such as C, C++, Java and .NET), applications from third-party suppliers, or other types of application.
The service also lets users set security and quality standards for their software portfolios, so they can see how they stack up against the standards of others in their industry, said Sam King, Veracode’s vice president of product marketing.
Categories for comparison include vulnerability prevalence, compliance with the CWE/SANS Top 25 and the OWASP Top 10, and application security policy compliance.
King said that while this is not the first intelligence service on the market, it is the first that can “look in” at the code level and focus on the DNA of an app and its vulnerabilities.
SecurityInsights will be available within the next two months and will be bundled into Veracode’s SecurityReview Enterprise Edition at no additional cost. It is also available as a standalone service, but a pricing model is still being worked out, King said.