Feenics announced that it participated in CA Technology’s Veracode Verified program over the past 10 months, a stringent process that validates a company’s secure software development procedures, and has received the seal of Verified by Veracode.

With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers Feenics to demonstrate its commitment to creating secure software.

When purchasing software, customers and prospects are demanding to understand how secure the software is. As part of CA Veracode Verified, Feenics can now demonstrate through a seal and provide an attestation letter from an industry leader that the application has undergone security testing as part of the development practice. Additionally, participating in the program ensures that our software meets a high standard of application security, reducing risk for the customer.

Security gates in software development

Organisations that had their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

  • Assesses first-party code with static analysis
  • Documents that the application does not allow Very High flaws in first-party code
  • Provides developers with remediation guidance when new flaws are introduced

The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238)

Keep’s RESTful API

The Keep API provides the developer with programmatic access to all the functionality of a deployed physical access control solution. From adding cardholders, to adjusting door schedules, modifying access levels or querying for hardware status, all activities are programmable through this unified, RESTful API.

In addition to the stateless HTTPS protocol the API service also offers a live stream of events over a web-socket connection.  This stream of events can be used for live alarm monitoring, real time data analysis and threat detection. The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238).

Reducing risk of security breaches

Feenics is committed to delivering secure code to help organisations reduce the risk of a major security breach. Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software,” said Asha May, CA Veracode.

Denis Hebert, President of Feenics, stated that “third party review and audit within our software development lifecycle is an essential part of the vulnerability assessment process, ensuring that Feenics does everything possible to mitigate cyber risk for our users.

Feenics believed it needed to take additional precautions to validate our solution, Keep, from potential threats"

 Additional precautions against threats

As breaches become more prevalent, the electronic security industry has a responsibility to take every possible step to guard against potential threats that may be caused by weaknesses within its API."

"While quality assurances (QA) are steps that all manufacturers should take before release of any solution or additional functionality, Feenics believed it needed to take additional precautions – such as taking part in and being compliant with Veracode’s Verified program – to validate our solution, Keep, from those potential threats,” said Paul DiPeso, Executive Vice President, Feenics.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?