Veracode has announced the formation of its ZeroDay Labs website for education, collaboration and community building for security-aware professionals.
The concept is to host a dedicated website and shared resource where visitors can interact, contribute and learn how to identify new security gaps, improve the accuracy of real-world application vulnerability detection, and communicate findings in order to improve the state of software security.
The company said that it will offer code-level examples of vulnerabilities drawn from member experiences and that, as the community grows based on voluntary submissions, it will accelerate awareness and remediation efforts by sharing real-world examples among participants.
Submissions can cover either known vulnerabilities, where organisations can then use the assessment to automate detection across their portfolio, or unknown ones, where manual source code review is used to augment and improve static binary analysis.
It is led by members of Veracode's core research team including Chris Wysopal, co-founder and CTO; Chris Eng, senior director, security research; and Tyler Shields, senior security researcher.
Speaking to SC Magazine, Wysopal said: “We are looking for more dialogue with developers; customers have binaries and are looking to submit source or binary code to do a manual inspection of a vulnerability. We want to find code and keep pushing to understand how to create more secure commercial applications.
“We want to tackle the problem with the customers and others too, vendors have ten plus products and vulnerabilities come in clusters and across products, and as soon as they realise that there is a vulnerability in it the tools do not catch the vulnerability so it gets displayed and researchers and black hats find them and mine it over and over again.”