Veracode Verified status demonstrates commitment to developing secure software and reducing risk for customers
QAD Inc., a leading provider of next-generation manufacturing and supply chain solutions in the cloud, announced its achievement of Veracode Verified Team status for its Foreign-Trade Zone (FTZ) solution. The Veracode Verified program provides third-party validation of a company’s secure software development processes from Veracode, a leading global provider of application security testing (AST) solutions.
As part of Veracode Verified, QAD can now demonstrate that its FTZ solution has undergone security testing as part of the development practice. Participation in the program ensures that QAD FTZ meets a high standard of application security while reducing risk for the customer.
“QAD is committed to delivering secure code to help organizations reduce the risk of a major security breach,” said Brian Roche, chief product officer at Veracode. “Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software. With validation that all requirements of Veracode Verified Team Tier status have been met, QAD FTZ meets high standards that promote fast and secure code deployments for customers.”
Organizations that have had their secure development practice validated, and their application accepted into the Team Tier, have demonstrated the following security steps have been implemented into their software development practice:
- Assesses first-party code with static analysis.
- Document that an application doesn’t include Very High or High flaws, and that you have a 60-day remediation grace period to remain in compliance.
- Establish a scanning cadence of at least every 90 days.
- Identify a security champion within the development team to serve as a peer resource to development team members, ensuring secure coding practices across the development lifecycle.
- Provide training or labs on secure coding for the identified security champion.
- Assess open-source components for improved security, and document that they don’t contain any Very High or High vulnerabilities.
- Provide developers with remediation guidance for both first-party code flaws and open-source vulnerabilities.
With QAD FTZ, manufacturers and distributors can establish and successfully manage foreign-trade zones and bonded warehousing operations. Aligned with QAD’s end-to-end global trade and transportation solutions, distributors and manufacturers can leverage an integrated approach to establishing and managing FTZ operations, lowering importing costs, enhancing inventory control, and improving supply chain velocity and flexibility.
QAD FTZ enables manufacturers and distributors to maximize the benefits of FTZs. In the United States, foreign-trade zones are considered to be outside the US Commerce and Customs territory. As a result, companies that utilize the FTZ program can defer and often reduce, or even eliminate, duty payments on goods until they enter into the US. Furthermore, if goods are imported into an FTZ and then re-exported from the FTZ, or destroyed or scrapped within the zone, companies pay no duties on those goods. By leveraging an FTZ, manufacturers and distributors benefit from significant cost savings, including:
- Reduce or even eliminate duties on manufactured goods
- Reduce importing fees, such as Merchandise Processing fees
- Gain duty exemption on re-exports
- Eliminate need for Duty Drawback
- Eliminate duties on waste, scrap and production yield loss
- Avoid tariffs and certain PGA requirements while in the FTZ
- Improve on-time delivery performance
- Enhance supply chain performance
“We are thrilled to see our FTZ solution achieve Verified status recognition as it demonstrates our commitment to providing secure code to our customers,” said Charles Sutherland, chief product officer at QAD. “Much is to the credit of our FTZ consultants and their far-reaching levels of expertise, having completed over 1,000 FTZ projects to date.”
For a complete list of QAD applications achieving Veracode Verified status, visit the Veracode website.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!
