Veracode updates cloud-based vulnerability checker

Veracode has updated its service which scans for vulnerabilities in new software

Veracode has updated its cloud-based SecurityReview service, which allows developers to check for known security and crash vulnerabilities.

The new capabilities allow developers to upload applications automatically and download line-of-code specific vulnerability identification and remediation instructions directly to defect tracking systems and integrated development environments.

The service is available for a wide variety of programming environments, including C++, Java, .NET, PHP and Cold Fusion.

"Until now, developers responsible for incorporating security testing into their development lifecycles have had two options: on-premise tools with high false positive rates; or manual third-party penetration testing that can be time consuming and costly," said Jon Stevenson, senior vice president of engineering at Veracode.

"With this announcement, we are offering developers the best of all worlds: the integration advantages that on-premise tools have sometimes delivered plus the benefits of an expert security partner.

"Veracode is changing the game for software development, destroying the myth that improving the security of every application is prohibitively slow, complicated and expensive."

The company uses published vulnerability data as well as its own security research, which is partially funded by In-Q-Tel, the venture capital arm of the CIA.

"By integrating cloud-based testing capabilities directly into tools that are part of a developer’s everyday life, Veracode is really completing the 'last mile' needed to deliver the advantages of static and dynamic cloud-based security testing into the on-premise development climate," said Nigel Stanley, practice leader at Bloor Research.

"It's one of the few really useful examples of the cloud that I have seen, and the potential is clear – more secure code for substantially less developer effort."