Forus-P b.v.
telephone: 0481-377265
email: security@forusp.com

Veracode Governance Model

Application security testing conducted in the absence of an overarching program and policy governing application risk management within the organization is simply ad-hoc testing. Without establishing policies that take into account elements such as business criticality, regulatory impact, and brand risk, there is no comprehensive understanding of the risk exposure posed by the application portfolio. With ad-hoc testing, there is no way to accurately measure whether the money being spent on application security is cost effective or what the outcome of the dollars being invested really is. Veracode's Governance Model capabilities were designed to make it easy for organizations to identify their application inventories, set policy, and initiate workflow to bring the rest of the organization's testing efforts into alignment with the business value of those applications. Below is a description of the key features that constitute the Governance Model component of the Veracode platform:

Application Inventory Manager:
This provides an XML import capability that allows customers to quickly import application inventory information into the Veracode cloud-based platform from systems such as configuration management databases and GRC products. The application inventory manager also offers a rich GUI that allows managers to manually enter applications and associated metadata into the platform.

Application Policy Manager:
Provides a dashboard which customers can use to define and assign security policies as well as measure compliance against them. Customers may choose the default Veracode policy, which is based on accepted industry standards: MITRE's Common Weakness Enumeration (CWE) for classification of software weaknesses, FIRST's Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability, and NIST's definitions of assurance levels. Alternatively, customers can define policies as granular rules, such as requiring that an application be free from certain categories or severities of vulnerabilities. Customers may also use the policy manager to help with regulatory compliance such as PCI, FISMA, GLBA, HIPAA and SOX.

Copyright © 2010 Forus-P bv | Liability and disclaimer