It seems like a silly question but how many companies take the extra steps to know that the millions of lines of code in their solutions don’t have any vulnerabilities? It’s easy to say your code is secure, it’s completely different to pay an accredited third party to review each and every line of code in your applications to ensure they’re free from vulnerabilities. It is with this in mind that Snare teamed with CA Veracode to review our Snare agent software and put them through the Veracode Verified program that would review the executable and application source, putting their own brand reputation behind their certainty. It is a lengthy process and the first to finish was our Snare Windows Agent with version 5.1 and Snare Agent Manager v1.1.0 that achieved Veracode VL4 security compliance. The VL4 status means that there were no Very high, High or Medium risk vulnerabilities in the applications as reviews by Veracode using the OWASP top 10 and SANS top 25 secure coding vulnerabilities. As part of the Verified program we have achieved Verified Standard.
What exactly goes into being Veracode VerAfied? It’s a back and forth between us and Veracode as they go through our application reviewing the code and check it against a policy using the Veracode OWASP top 10 and SANS top 25 known coding vulnerabilities to provide assurance that they did not contain coding vulnerabilities at the time of the scan. As part of the program we are required to perform rescans for every release and or every 6 months whichever occurs first to maintain the Verified Status. So its now built into our development and release process where the Windows Agent and Snare Agent Manager are constantly reviewed. Talk about an extra mile (or kilometer for those of you on the metric system).
Our competitors haven’t taken this extra step, and while we understand why, it was important to us that our best-selling products are built securely and are free from all known vulnerabilities. You can’t go a week anymore without major breaches making headlines and vulnerabilities can often be found in the most unassuming places. So, we went ahead and made sure that we are not only helping you secure your organization but we continually do so with the most secure solutions on the market.
Check out Veracode’s website to learn more about being Verified.
Check out our page on Snare Agents to learn more about the world’s favorite logging tool.