BARCLAYS APPLICATION SECURITY ASSURANCE PROJECT WITH VERACODE WINS IN THE BANKER TECHNOLOGY AWARDS 2008 Monday 2 June 2008 PDF Print Barclays relies on subscription-based security testing service from Veracode to help manage risk from COTS software and offshore code Burlington, Massachusetts and London – 2 June, 2008 – Veracode, the leading provider of on-demand application security testing solutions, announced today that it has won the award for Information Security Project of the Year in The Banker Technology Awards for its work on the Application Security Assurance Project with Barclays. As threats within the corporate information security landscape intensify, this award is geared to recognising excellence in IT security projects within the financial sector. Veracode Security Review, a subscription-based application security testing solution, underpins Barclay’s implementation of secure procurement practices and enables them to manage both their own and their customers’ risk profile. Security Review is the only on-demand service available to test internally developed applications, commercial off-the-shelf software and applications developed offshore for potential software vulnerabilities. Now in its sixth year, The Banker Technology Awards programme identifies and celebrates innovation and excellence in all areas of banking technology and serve as a vital benchmark for IT services and projects in the financial sector as a whole. Judged by a panel of respected industry experts including practitioners and analysts, they represent the most prestigious awards within the sector and achieving an overall award is no mean feat. The award will be formally presented at a gala luncheon being held in Mayfair, London on Friday 6 June. The Barclays Application Security Assurance project demonstrates innovation on several key levels. The aim of the project was to establish a successful best practice approach for testing all applications including those dependent on third party software and external code. By using Veracode’s SecurityReview, the first software-as-a-service based application security testing solution, Barclays has been able to set up an automated and reliable method for testing third party code that is not only independent but can also handle the massive volumes of code it deploys. Veracode is the only testing service on the market able to test binary code, the language in which applications are written, as opposed to source code. This unique capability means that an external supplier involved in the project does not need to hand over precious intellectual property – so his exposure to this testing service is also positive and beneficial. The initial project scope involved Veracode providing fully automated tests and security audits for 20 third-party vendors – but this is now being rapidly expanded. Rhonda MacLean, Global Information Security Officer, Global Retail and Commercial Banking, Barclays Bank, comments: “We are delighted to see this breakthrough project win this award. Veracode’s Security Review service was a quick win for Barclays, for our customers, and also for our third-party vendors. Their solution has helped Barclays and its software suppliers deal with the difficult task of scanning code in large volumes in a very efficient manner. Rather than trying to change processes within both the bank and our vendors, Veracode’s software-as-a-service model gave us rapid execution and results with minimal resources. Together we have delivered measurable value to our business and our customers, addressing the challenges of a growing and rapidly changing threat environment.” Reflecting further on the award, Matt Moynahan, Veracode CEO, added: "This award from The Banker highlights the importance of effective application security testing for financial institutions. Veracode helps banks achieve a completely clear and independent view of weak spots in their applications and enables them for the first time to identify and remedy risk whether those applications are built in house, purchased as commercial off-the-shelf software or developed off-shore. Winning this prestigious award for our work with Barclays not only validates our innovative subscription-based approach but also underscores the contribution we are making to our customers in helping control their risk profile." Application vulnerabilities and security breaches are very steadily on the rise. According to Gartner, 75% of new attacks target the application layer, and software vulnerabilities have reached an all-time high – with 7,000 new vulnerabilities discovered over the last year. In addition, of the world’s largest 2000 organisations, 75% are engaged in offshore outsourcing. About The Banker Established in 1926, The Banker is the premier magazine and acknowledged journal of record for the world’s investment, retail and commercial banking sectors. Published on a monthly basis, and distributed to around 30,000 individuals globally, the magazine offers an unrivalled combination of authoritative news, features, surveys and heavyweight interviews. With regular software and technology updates, new product innovations, country profiles, definitive bank listings and expert market commentary from leading industry figures, The Banker is essential reading for key decision makers across the banking and corporate sectors. The Banker Technology Awards programme was established six years ago and is very well regarded in the industry. About Veracode Veracode is the world’s leader for on-demand application security testing solutions. Veracode SecurityReview is the industry’s first solution to use patented binary code analysis and dynamic web analysis to uniquely assess any application security threats including vulnerabilities and malicious code. SecurityReview performs the only complete and independent security audit across any internally developed applications, third-party commercial off-the-shelf software and offshore code without exposing a company’s source code. Delivered as an on-demand service, Veracode delivers the simplest and most-cost effective way to implement security best practices, reduce operational cost and achieve compliance without requiring any hardware, software or training. Veracode has established a position as the market visionary and leader with awards that include recognition as a Gartner ‘Cool Vendor’ 2008, SC Magazine’s European Award 2008 for both Innovation and also for Best Vulnerability Assessment, Info Security Product Guide’s “Tomorrow’s Technology Today Award 2008,” Information Security’s “Readers’ Choice Award 2008,” AlwaysOn Northeast’s “Top 100 Private Company 2008,” NetworkWorld “Top 10 Security Company to Watch 2007,” and Dark Reading’s “Top 10 Hot Security Startups 2007.” Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. See www.veracode.com For more information: Jane Folwell Folwell PR Tel: 01344 845132 Mob tel: 07950 033370 Email: firstname.lastname@example.org This press release was distributed by ResponseSource Press Release Wire on behalf of Jane Folwell in the following categories: Business & Finance, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.