Veracode Announces VERAFIED™ Mark of Software Security – Software Certified For the Top 25 Most Dangerous Software E
Posted Jul 28 2010 12:32pm
I mention the EHR portion of this as it’s a possible area that could be entertained. With the new certification rules and ONC getting organized and set up to start the process, this is something to think about too, as the focus with certification has primarily been around the user interface and accuracy, and something for security probably should be there too.
In the news recently was the Siemens malware attack, a healthcare/medical company, so I think this is worth a mention here, as we all want the systems to be as secure and bulletproof as we can get. There are other companies as well that offer similar types of services too, and for those using “cloud” technology you have to have something strong with the exposure potential. According to the press release, Siemens had waited over 2 years to fix the problem.
With medical records, it could be assumed that the IT department too would take care of this, but again, with exposure today, being certified with medical data could certainly not hurt one bit, especially when accessing data across domains and importing for aggregation services. BD
BURLINGTON, Mass.--(EON: Enhanced Online News)--Veracode, Inc., the world’s leader in cloud-based application risk management, today unveiled the new VERAFIED™ High Assurance mark of software application security for the CWE/SANS Top 25 Most Dangerous Software Errors. This prominent industry “seal of approval” indicates to a software provider’s customers and partners that an application has been independently assessed and that the testing did not detect exploitable software weaknesses identified in the list of the Top 25 Most Dangerous Software Errors as defined by the MITRE Common Weakness Enumeration (CWE) project that is sponsored by the US Federal Government.
The independent high assurance assessment is performed with SecurityReview®, Veracode’s patented cloud-based automated security verification service, and complemented by manual penetration testing to identify flaws in business logic and design.