Veracode takes responsibility for ensuring that your information is kept secure when it is under the control of Veracode. Some parts of Veracode products and solutions depend on your organizational administrative control or rely on infrastructure installed in the environment in your organization. Therefore, you are responsible for implementing additional controls related to your use of Veracode products.
Veracode agreements document these controls. This is not a comprehensive list of all relevant security controls:
Communication and information
- Your organization is responsible for reporting to Veracode any identified security violations related to Veracode products whenever those security violations appear.
- Your organization is responsible for communicating security and confidentiality provisions to individuals accessing information within Veracode products and services.
- Your users are responsible for reading the Veracode documentation to stay current with changes to Veracode products and services.
Your users are responsible for monitoring Veracode products and services for notification and status information.
Logical and physical access
- Organizations that use the Virtual Scan Appliance, Application Perimeter Monitoring, Veracode Discovery, Veracode Dynamic Analysis, or Veracode Internal Scanning Management are responsible for managing their network and server infrastructure.
- Your organization is responsible for ensuring that access to Veracode products and services is limited to authorized and appropriate individuals. Your organization should limit access and ensure that secure user IDs and passwords are used.
- Your organization is responsible for reviewing employee access, including any contractors, to Veracode products and services and notifying Veracode of any discrepancies.
Your organization is responsible for reporting any security or confidentiality breaches and availability incidents that impact Veracode products and services.