The security of third-party and open source software is an important issue facing financial services institutions. This spurred FS-ISAC to publish the “Appropriate Software Security Control Types for Third-Party Service and Product Providers” whitepaper. The FS-ISAC whitepaper states that as enterprises are getting better at defending traditional network perimeters, attackers are now targeting the software supply chain.
Despite the need to secure the software supply chain, conflicting opinions exist regarding how to assess the security of third-party software used by financial services and other firms.
“Enterprises increasingly rely on third-party applications and components to get to market faster with new cloud and mobile applications. Some software vendors have suggested that there are other ways of addressing third-party risk outside the three controls outlined in the FS-ISAC whitepaper,” said
The Veracode Vendor Application Security Testing (VAST) program enables enterprises to reduce the risks associated with the use of third-party software -- whether it is open source, outsourced,
To read the full whitepaper visit: https://info.veracode.com/whitepaper-third-party-controls.html.
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-criminals can find and exploit them, Veracode helps enterprises deliver innovation to market faster – without sacrificing security.
Veracode’s powerful cloud-based platform, deep security expertise and programmatic, best practices approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.
Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode secures hundreds of the world’s largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world’s top 100 brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.