
EquaTerra, EquaSiis and Veracode Partner to Enable Higher Security Standards
to Combat Risks in Software Development and Management Outsourcing

Veteran industry, government security and risk experts partner to implement
security acceptance controls and improve security quality in outsourced

London, Houston, New York and Boston - 20 April, 2009 - An initiative to
help enterprises, government agencies and application outsourcing service
providers better ensure the integrity of their data and security of their
software was announced today by industry-leading management consultancy and
sourcing advisor EquaTerra, sourcing software and services firm EquaSiis,
and Veracode, provider of the world's leading Application Risk Management
Platform. The collaboration between the three firms is squarely aimed at
combating the increasing risk that data will be compromised by application
security vulnerabilities in software, including those managed by third party
outsourcers. The result will be new and innovative governance models that
include contractual terms to mandate security verification, best practices,
security acceptance criteria and an overall risk model for improving the
security of outsourced software. EquaSiis, as part of this initiative, will
enable and educate outsourcing service providers through training, guidance
and best practices.

"Data and application security have become too critical in an era of global
sourcing to be left to chance or addressed using yesterday's tools,
techniques, terms and conditions", said Mark Robinson, COO at EquaTerra.
"We are taking the initiative to help buyers mature their application
sourcing and governance program and embody the security services,
capabilities and contractual terms available in the market today."

While efforts to protect data and software applications are not new, most
approaches have become increasingly ineffective, as they have not focused on
the core issue - the quality of the delivered application code itself.
Organizations continue to spend more on data and application security and
get less in return for this investment. "Failure to adequately secure
sensitive customer, corporate and governmental data and intellectual
property is not only a serious business risk, it is one that has national
security implications as well," said Jack Tomarchio, Principal, the Agoge
Group, and former Deputy Under Secretary for Operations Office of
Intelligence and Analysis, Department of Homeland Security.

Analyst firm Gartner has forecast the application outsourcing market to
surpass $81 billion by 2011 and has been a strong advocate of implementing
proper security requirements into outsourced development contracts for some
time. A recent report from Quocirca has found that over 60% of companies
that outsource the coding of their critical applications do not mandate that
security must be built into the applications.

"Gartner recommends that application security testing be mandatory in all
outsourced development initiatives," said Arabella Hallawell, Gartner
Research VP. "Outsourced contracts should specify terms and conditions that
detail how security is built into the development lifecycle; when, how and
by whom security testing and validation is performed; and which issues are
to be fixed within a certain timeframe."

Collectively EquaTerra, EquaSiis and Veracode possess an unmatched set of
capabilities to address data and application security challenges with a more
holistic and multi-dimensional approach. Veracode's SecurityReview
Application Risk Management Platform, EquaTerra's global sourcing expertise
and EquaSiis' outsourcing governance software will enable enterprises to
mandate and independently verify security quality, with metrics, tools and
services to monitor performance and manage compliance.

"As corporate technology requirements continue to evolve, businesses more
and more find themselves looking at outsourced development to provide
solutions," said John Bird, VP at Chevy Chase Bank. "Today, the security
quality of outsourced code is largely unknown and the risk inherent in the
application belongs to the enterprise. Standard, sound and verifiable
metrics, independent testing, and acceptance processes for security are
critical elements of software development and should be embedded in
outsourcing contracts. Customers and stockholders will demand that these
risks be effectively addressed for their protection and that of their

"You can outsource development, but not the liability associated with
ensuring your employee and customer data is secure," said Matt Moynahan, CEO
of Veracode. "We are excited about this important industry collaboration to
empower enterprises with an easy and cost effective solution to govern the
security quality of outsourced application development. In our experience,
security of third party code is typically low on first verification, but
with proper governance and services, remediation time can be shortened and
quality dramatically improved. This partnership will enable organizations
of all types to ensure that their software infrastructure is secure, while
continuing to enjoy the benefits of their global outsourcing efforts."

About EquaTerra
EquaTerra sourcing advisors help clients achieve sustainable value in their
IT and business processes. Our advisors average more than 20 years of
industry experience and have supported over 2000 transformation and
outsourcing projects across more than 60 countries. Supporting clients
throughout the Americas, Europe, Middle East, Africa and Asia Pacific, we
have deep functional knowledge in finance and accounting, HR, IT,
procurement and other critical business processes. EquaTerra helps clients
achieve significant cost savings and process improvement with internal
transformation, shared services and outsourcing solutions. For more
information, please contact Lee Ann Moore at +1 713.669.9292.

Media Contact
Melissa Gardiner
Director of Marketing Europe and Asia Pacific
Tel: +44 207 347 5101

About EquaSiis
EquaSiis provides software and services that improve the business support
services lifecycle for shared services, outsourcing practitioners and
service providers. The software, EquaSiis Workbench and EquaSiis
Enterprise, is a framework for collaboration used during the service
delivery assessment and sourcing process to assist in analysis and decision
making for shared services or outsourcing. EquaSiis provides intelligence
and optimization for the delivery of business support services across the
entire organization. The company also offers service providers market
intelligence, research, customer satisfaction and trending data through its
Insights group. For more details on the Veracode relationship, please
contact Stan Lepeak. To learn more about EquaSiis, contact Ron Walker at +1
858.486.6035.

Media Contact:
Ron Walker, EquaSiis
+1 858.486.6035

About Veracode

Veracode provides the world's leading Application Risk Management Platform.
Veracode SecurityReview's patented and proven cloud-based capabilities allow
customers to govern and mitigate software security risk across a single
application or an enterprise portfolio with unmatched simplicity. Customers
include the world's largest and most security aware organizations in every
industry. Recognized as a Gartner "Cool Vendor," The Wall Street Journal's
"Technology Innovation Award," The Banker's "Information Security Project of
the Year" with Barclays, SC Magazine's "Best Vulnerability Assessment
Solution," Information Security "Readers' Choice Award," and AlwaysOn
Northeast's "Top 100 Private Company," Veracode is Software Security
Simplified™.

Media Contact:
Jane Folwell
Folwell PR
Tel : (44)(0)1344 845132
Mob tel: (44)(0)7950 033370

This press release was distributed by ResponseSource Press Release Wire on behalf of Jane Folwell in the following categories: Business & Finance, Computing & Telecoms.