Application security is no longer an afterthought. Vulnerable apps are a prime--if not the prime--attack vector for getting to customer information, intellectual property and sensitive corporate data. Application development is complicated by outsourcing, which cuts costs and delivery time, but greatly increases risk.
Veracode's unique approach to application security as a service (SaaS) is tailor-made for the new development environment, which is why its SecurityReview services earned the silver award. Before the service solution, companies had two options. They could buy still-maturing application security analysis tools--a market validated when IBM and HP acquired Watchfire and SPI Dynamics respectively--or pay for very expensive consultant code/application review.
Veracode combines strong technology and an attractive model. It scours compiled code, analyzing binaries for vulnerabilities that can be exploited. This means companies can secure their applications without exposing source code to outsiders, a particular concern in an age of distributed, outsourced development. The SaaS approach is an attractive alternative to pricey consulting and allows customers to have applications, outsourced pieces of applications, or even applications they are considering buying analyzed for security flaws.