Veracode, Inc. [2], the leader in cloud-based application security testing, today announced details of its participation at RSA Conference 2013, taking place February 25 – March 1, 2013 in San Francisco. In addition to exhibiting (booth #1342), Veracode will participate in several speaking events and will provide new insight into ways enterprise organizations can combine network and host vulnerability information with application security vulnerability information.

Veracode and its customers will present several sessions throughout the RSA Conference, including:

• “Don’t Ask, Don’t Tell: The (In)Security of Vendor-Supplied Software” (Tuesday, February 26, 2013, 3:50 p.m., RSA Briefing Center) – This session will explore the recent Veracode State of Software Security Report Supplement that found an alarming 62 percent of all vendor-supplied applications fail to reach compliance with enterprise security policies. Chris Wysopal, CTO and co-founder of Veracode, will discuss how enterprises are communicating with vendors as they mandate security testing of their software supply chain.
• “ASEC-W25 - SAST, DAST and Vulnerability Assessments, 1+1+1 = 4” (Wednesday, February 27, 2013, 1:00 p.m., Session Room 132) – This session focuses on integration between Application Security Assessments; SAST and DAST, with Network Vulnerability Assessments, an industry breakthrough in security risk assessment. Both Chris Wysopal and Gordon MacKay, CTO of Digital Defense, Inc., will discuss how organizations can combine data from these two different vulnerability sources to better understand their risk profile and how to prioritize application security issues.

Additionally, several Veracode customers will be showcased in the ‘Wicked Smaaht’ Security Talks in the Veracode booth, including:

• NSFOCUS [3], a provider of enterprise-level network security solutions
• Bob’s Stores [4], an online retailer trained in the importance of securing applications to keep customer information safe
• Good Technology [5], a provider of enterprise mobility management solutions
• Digital Defense, Inc. [6], a provider of managed security risk assessment solutions

The complete schedule is available at the Veracode booth.

Seinfeld’s Character Warns “No S.O.U.P. for You!” or the Enterprise

At the Veracode booth, visitors will learn how to protect the enterprise from insecure Software of Unknown Pedigree (S.O.U.P.), which can lead to customer data loss, gaps in defense against hackers, and even corporate intellectual property theft. Visitors will also have the opportunity to have their photo taken with Seinfeld’s irreverent soup chef, Larry Thomas, and learn why Veracode cautions “no S.O.U.P. for you!” for today’s enterprises. The complete photo session schedule can be found here: http://www.veracode.com/rsa [7].

Free Mobile Gaming App

Also in the booth, visitors will have an opportunity to play “SOUP Assault [8]” a free mobile gaming app that challenges participants to dodge a gauntlet of hazards and race to escape the attacking S.O.U.P. while collecting security budget and boosting their security know-how. The app is also available for download from the Apple App Store.

Veracode Partner Activity at RSA

Veracode will also participate in several partner booths at RSA including the Patriot Technologies [9] (booth #656) demonstration [10] of its integrated mobile device security management solution. Additionally, Veracode and Good Technology [11] (booth #226) will both showcase Veracode’s integration with Good Dynamics their respective booths.

About Veracode

Veracode [12] is the only independent provider of cloud-based application intelligence [13] and security verification [14] services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning [15] to penetration testing [16] and static code analysis [17]. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide representing Global 2000 brands. For more information, visit www.veracode.com [18], follow on Twitter: @Veracode [19] or read the Veracode Blog [20].