Veracode has launched a Software Security Ratings Service, introducing its new system for use in testing the security of applications.

With the debut of the service, Veracode claims to have unveiled the world's first standards-based system for rating the overall security of software programs before they are put into production mode.

While many companies that harbour software development departments have begun using source code analysis tools to look for potential vulnerabilities in their applications, Veracode aims to take the process one step further by offering businesses and ISVs the ability to scan binary code of their programs for problems.

Testing binary code, versus scouring individual lines of source code, allows developers to scan an entire application before it is taken into production, thus increasing their likelihood of finding errors they might have missed along the way, and eliminating the need to pursue code that ends up getting cut from a program before it approaches its final state, Veracode officials said.

The approach also benefits efforts to develop software using the increasingly popular SOA approach by allowing workers to test code being drawn from multiple programs in their final, integrated state, the company maintains.

"The software industry is valued at roughly $350 billion, but the entire industry has almost no notion of its own security quality, and part of that problem is that there haven't been tools like this in the past," said Matt Moynahan, chief executive of Veracode.

"This is a responsible way for people to improve the security of their code without placing an undue burden on an ISV community that is already desperate to fix this problem, but faces a huge challenge in finding people who are capable of writing safer programs," he said.

By allowing such ISVs and internal software development shops to assess where they may have problems earlier in the design process, or before applications have been installed, Veracode can dramatically cut the amount of time and effort necessary to find and fix subsequent security problems, he said.

Original reporting by Matt Hines, InfoWorld (US).