Veracode's Commitment to Customer Security and Confidentiality Validated With Independent SysTrust Certification

Ernst & Young Examines Security of the Veracode Code Assurance Platform

BURLINGTON, MA--(Marketwire - December 11, 2007) - Veracode, Inc., the industry's first provider of automated, on-demand software security testing and assessment solutions, announced it has achieved SysTrust® certification. In doing so, Veracode establishes its adherence to one of the most rigorous, industry-accepted auditing standards for service companies. The successful examination, which was conducted by Ernst & Young, provides additional validation to Veracode clients that the Veracode Code Assurance Platform and software as a service model is secure.

The SysTrust examination is a rigorous process developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) to provide independent assurance that an organization's systems are reliable. Ernst & Young evaluated Veracode's Code Assurance Platform to make sure that appropriate internal controls were in place and compliant with the SysTrust Security and Confidentiality Principles which assert the following:

--  The system is protected against unauthorized access (both physical and
--  Information designated as confidential is protected as committed or

"The SysTrust examination is a significant accomplishment for Veracode and underscores our commitment to treating customer data with unparalleled security and confidentiality," said Matt Moynahan, CEO of Veracode. "Having had our own legal, regulatory and technical infrastructure examined by Ernst & Young assures our customers that we take the security of their data very seriously. Securing our client's information is our top priority."

Veracode's on-demand software security and assessment solution, SecurityReview®, is offered as a service. Consequently, ensuring the security and confidentiality of that data is paramount.

As part of the SysTrust certification process, Veracode chose to implement a system of checks and balances to provide governance for the program, placing particular focus on critical areas including monitoring, compliance and incident response, in order to ensure customer security and confidentiality.

The SysTrust examination can be viewed at:

The SysTrust certification augments Ernst & Young's attestation of Veracode's managed service environment as a SAS 70 Type II compliant data center. Together the two certifications underscore Veracode's commitment to service delivery excellence and formal third-party certifications.


Veracode is the industry's first provider of automated, on-demand application security solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode's core service, SecurityReview uses patented binary code analysis and dynamic web analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode's SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners.

Contact Information: Contacts: Kate Munro Veracode, Inc. 781-425-6040 ext. 296 Rachel Labas Lois Paul & Partners 781.782.5787