
Software Vendors and Enterprises Discuss Best Practices for Addressing Third-Party Software Risk at FS-ISAC Spring Summit


BURLINGTON, Mass. -- (BUSINESS WIRE) -- Veracode, the application security company, today announced that Chris Wysopal, co-founder and CTO of Veracode, will lead a panel discussion on third-party risk during the FS-ISAC Spring Summit on Wednesday, May 7th from 11:00 a.m. to 12:00 p.m. The panel -- which includes security executives from Boeing, Microsoft, EMC and Aetna -- will focus on best practices for securing the third-party software perimeter.

The security of third-party and open source software is an important issue facing financial services institutions. This spurred FS-ISAC to publish the “Appropriate Software Security Control Types for Third-Party Service and Product Providers” whitepaper. The FS-ISAC whitepaper states that as enterprises are getting better at defending traditional network perimeters, attackers are now targeting the software supply chain.

Despite the need to secure the software supply chain, conflicting opinions exist regarding how to assess the security of third-party software used by financial services and other firms. Chris Wysopal will lead a panel of security executives from major software vendors and enterprises as they attempt to find common ground on the best approach for reducing enterprise risk from third-party software.

“Enterprises increasingly rely on third-party applications and components to get to market faster with new cloud and mobile applications. Some software vendors have suggested that there are other ways of addressing third-party risk outside the three controls outlined in the FS-ISAC whitepaper,” said Ed Jennings, CMO, Veracode. “However, enterprises are spending billions on software with major vendors and need to ensure the software they are purchasing isn’t introducing unnecessary risk. The FS-ISAC Spring Summit panel will provide a forum for software vendors and enterprises to discuss how the financial services industry can address this important issue.”

The Veracode Vendor Application Security Testing (VAST) program enables enterprises to reduce the risks associated with the use of third-party software -- whether it is open source, outsourced, SaaS or commercial off-the-shelf -- by attesting to the security of this externally developed software. As part of the VAST program, Veracode manages the vendor assessment process, works with vendors to identify and mitigate application threats using its cloud-based platform, and enables vendors to comply with their customers’ corporate security policies. With Veracode addressing software supply chain security, enterprises can safely leverage third-party software to enable innovation and gain faster time to market.

To read the full whitepaper visit:

About Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-criminals can find and exploit them, Veracode helps enterprises deliver innovation to market faster – without sacrificing security.

Veracode’s powerful cloud-based platform, deep security expertise and programmatic, best practices approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode secures hundreds of the world’s largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world’s top 100 brands. Learn more at, on the Veracode blog and on Twitter.

Copyright © Business Wire 2014

Weber Shandwick
Ellen Moss, 617-520-7138