Two security startups have released their first products this week, claiming to break new ground in the way companies evaluate app security and stop information leaks.
Veracode's software automatically evaluates companies' own software for security problems, and Provilla makes a system designed to keep tabs on sensitive data. Both officially launched on Monday.
Veracode announced US$19.5 million in venture capital funding at the same time as launching several versions of its automatic, on-demand security analysis system, SecurityReview. The company said SecurityReview is the industry's first on-demand security review service.
The service comes in three flavors: for enterprises, vendors and partners. Enterprises can use the service to continually evaluate programs for security issues, including bugs in the binaries, but also such higher-level issues as missing security features, or problems that can arise from combining two otherwise secure programs.
The vendor version examines the security of purchased software before it's integrated into the rest of the infrastructure, and works with vendors to improve their applications. The partner version lets platform vendors evaluate the security level of partner-developed applications.
Because the service analyses binaries, companies don't have to allow outsiders access to their source code. Its approach has limitations, though: unlike some security firms, it doesn't provide manual analysis and doesn't fix the problems it uncovers.
Companies can stumble into security issues even if all their programs, separately, are secure, said Veracode chief scientist and co-founder Christien Rioux in a company blog post. The ability to continually scan programs is one answer to this problem, he said. "The digital immune system needs to be 'always-on', and deal with the occasional infection with speed and then come to recognize problems quicker the next time they surface."
The company's president and chief executive, Matthew Moynahan, is former vice president of Symantec's Consumer Products and Solutions division.