The Software Security Ratings Service promises to chart both the severity and potential exploitability of any flaws it locates in a particular program, along with the types of business information which could be exposed by an attack on the applications being tested.
"This isn't necessarily a development problem as people have been making it out to be; secure coders simply don't grow on trees, and developers have not been trained in the security testing process," Moynahan said. "This also helps tackle the development outsourcing problem when it comes to security, instead of forcing companies to reconsider the approach altogether based on fears of insecure code."
One roadblock that has made it difficult for such an independent software rating system to have been developed in the past is that companies have been reluctant to release their source code to outsiders for testing, mainly out of fear of handing over their most valuable intellectual property to others, the CEO said.
Since the ratings system is delivered via a software-as-a-service (SaaS) model whereby users aren't forced to distribute their code externally for testing, Moynahan expects that more development shops will be open to testing their code in such a manner.
Beyond the ratings service, Veracode similarly offers its flagship SecurityReview application -- which promises to automate applications security auditing -- as an on-demand subscription service.
In the last month alone, two of the best-known providers of source code and Web applications security testing, Watchfire and SPI Dynamics, have been acquired by IBM and HP respectively, illustrating a major push among providers of software development tools to further integrate security monitoring features into their products.
While those acquisitions should prove useful in helping businesses improve the security of their applications development process, at least one expert said that technologies provided by companies such as Veracode -- those that can look directly at binary code for vulnerabilities -- could see increased demand as developers seek even more tools for driving mistakes and incompatibilities out of their programs.
"Developers should be trying to find all possible ways to break their applications, not just looking at source code for mistakes; they need to have a more hacker-like mentality, and to do that you have to test throughout the whole development process," said Joseph Feiman, analyst with Gartner, based in Stamford, Conn.
"To that end, no one today is testing binary code, which could be a significant benefit to improving security, so there will be a growing market for those tools that can handle that type of work," Feiman said. "Especially with the rise of SOA, and with people buying packages and services that offer them no access to the source code, we should see growth in this evolving market for binary testing tools."