18 May 2018

Feenics announced that it participated in CA Technologies’ Veracode Verified program over the past 10 months, a stringent process that validates a company’s secure software development procedures, and has received the seal of Verified by Veracode.

With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers Feenics to demonstrate its commitment to creating secure software.

When purchasing software, customers and prospects are demanding to understand how secure the software is. As part of CA Veracode Verified, Feenics can now demonstrate through a seal and provide an attestation letter from an industry leader that the application has undergone security testing as part of the development practice. Additionally, participating in the program ensures that our software meets a high standard of application security, reducing risk for the customer.

Security gates in software development

Organisations that had their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

  • Assesses first-party code with static analysis
  • Documents that the application does not allow Very High flaws in first-party code
  • Provides developers with remediation guidance when new flaws are introduced


Keep’s RESTful API

The Keep API provides the developer with programmatic access to all the functionality of a deployed physical access control solution. From adding cardholders, to adjusting door schedules, modifying access levels or querying for hardware status, all activities are programmable through this unified, RESTful API.

In addition to the stateless HTTPS protocol, the API service also offers a live stream of events over a web-socket connection. This stream of events can be used for live alarm monitoring, real time data analysis and threat detection. The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238).

Reducing risk of security breaches

“Feenics is committed to delivering secure code to help organisations reduce the risk of a major security breach. Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software,” said Asha May, CA Veracode.

Denis Hebert, President of Feenics, stated that “third party review and audit within our software development lifecycle is an essential part of the vulnerability assessment process, ensuring that Feenics does everything possible to mitigate cyber risk for our users.


Additional precautions against threats

“As breaches become more prevalent, the electronic security industry has a responsibility to take every possible step to guard against potential threats that may be caused by weaknesses within its API.”

“While quality assurances (QA) are steps that all manufacturers should take before release of any solution or additional functionality, Feenics believed it needed to take additional precautions – such as taking part in and being compliant with Veracode’s Verified program – to validate our solution, Keep, from those potential threats,” said Paul DiPeso, Executive Vice President, Feenics.