Managing Vendor Application Risk

Third-Party Application Security Testing

The Veracode Vendor Application Security Testing (VAST) program helps enterprises better understand and reduce the security risks associated with using vendor-supplied software.

VAST programs strengthen vendor compliance with enterprise IT application security policies by analyzing and attesting to the security posture of each application in the enterprise’s software supply chain. The VAST solution is the industry’s first comprehensive vendor application security compliance program, which is a crucial part of sound governance, risk management, IT vendor management, and regulatory efforts.

In all documentation in the Veracode Help Center, an enterprise is defined as the requester of software security attestation. A vendor is the receiver of a software security attestation request. A single Veracode customer may have both roles in different contexts.