Skip to main content

Vendor Application Security Testing

The Veracode Vendor Application Security Testing (VAST) program helps enterprises better understand and reduce the security risks associated with using vendor-supplied software.

VAST programs strengthen vendor compliance with enterprise IT application security policies by analyzing and attesting to the security posture of each application in the software supply chain of the enterprise. The VAST solution is the first comprehensive vendor application security compliance program, which is a crucial part of sound governance, risk management, IT vendor management, and regulatory efforts.

The documentation defines an enterprise as the requester of software security attestation. A vendor is the receiver of a software security attestation request. The same Veracode customer may have both roles in different contexts.