About complementary user entity controls

Veracode takes responsibility for ensuring the security of your information when it is under Veracode’s control. However, some Veracode products and solutions depend on administrative controls within your organization or rely on infrastructure deployed in your environment. Therefore, your organization is responsible for implementing additional controls related to the use of Veracode products.

Veracode agreements document these shared responsibilities. The following is not a comprehensive list of all relevant security controls:

Communication and information

  • Your organization must report any identified security violations related to Veracode products as soon as they are discovered.
  • Your organization must communicate applicable security and confidentiality provisions to individuals who access Veracode products and services.
  • Your users are responsible for reading Veracode documentation to stay current with product and service updates.

Monitoring activities

Your users are responsible for monitoring Veracode products and services for notifications and status information.

Logical and physical access

  • Organizations that use the Virtual Scan Appliance, Application Perimeter Monitoring, Veracode Discovery, Veracode Dynamic Analysis, or Veracode Internal Scanning Management are responsible for managing their network and server infrastructure.
  • Your organization must ensure that access to Veracode products and services is limited to authorized individuals and that secure user IDs and passwords are used.
  • Your organization is responsible for reviewing employee access, including contractors, and notifying Veracode of any discrepancies.

System operations

Your organization is responsible for reporting any security or confidentiality breaches, as well as availability incidents, that impact Veracode products and services.