Secure Coding mailing list archives

Dr. Dobb's | The Truth About Software Security | January 20, 2007

From: weld at vulnwatch.org (Chris Wysopal)
Date: Tue, 30 Jan 2007 12:03:23 -0500 (EST)


Since I work at Veracode I won't pontificate on our service since I am
biased but I want to correct something in your posting.  Veracode is a
separate company from Symantec.  The technology was developed at @stake
and after Symantec acquired @stake the technology was purchased by
a new company, Veracode.

-Chris

On Tue, 30 Jan 2007, Kenneth Van Wyk wrote:

FYI, there's an interesting article on ddj.com about a Symantec's new
"Veracode" binary code analysis service.

http://www.ddj.com/dept/security/196902326

Among other things, the article says, "Veracode clients send a
compiled version of the software they want analyzed over the Internet
and within 72 hours receive a Web-based report explaining--and
prioritizing--its security flaws."

Any SC-Lers have any first-hand experience with Veracode that they're
willing to share here?  Opinions?

Cheers,

Ken
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com

Current thread:

Dr. Dobb's | The Truth About Software Security | January 20, 2007 Kenneth Van Wyk (Jan 30)
- Dr. Dobb's | The Truth About Software Security | January 20, 2007 ljknews (Jan 30)
- Dr. Dobb's | The Truth About Software Security | January 20, 2007 Michael S Hines (Jan 30)
  - Dr. Dobb's | The Truth About Software Security | January 20, 2007 Gadi Evron (Jan 30)
  - Dr. Dobb's | The Truth About Software Security | January 20, 2007 der Mouse (Jan 30)
- Dr. Dobb's | The Truth About Software Security | January 20, 2007 Chris Wysopal (Jan 30)
  - Dr. Dobb's | The Truth About Software Security | January 20, 2007 mudge (Jan 30)