ELMAH Achieves Veracode Application Security Rating

BURLINGTON, MA--(Marketwire - August 18, 2009) - Veracode Inc., provider of the world's
leading Application Risk Management Platform, today announced that the
ELMAH (Error Logging Modules and Handlers) open source project has received
Veracode's "A" security rating. This achievement demonstrates that ELMAH
has developed a secure application that has been independently evaluated
for software vulnerabilities against industry standards such as the OWASP Top 10 and SANS-CWE Top 25.

"We're delighted that ELMAH has earned Veracode's 'A' security rating,"
said Atif Aziz, the creator and lead developer of ELMAH. "ELMAH has
recently received widespread attention from the Microsoft developer
community as it reached its 1.0 milestone. It has been downloaded by
thousands of developers and IT operators and deployed with their ASP.NET
applications during development, staging and production. With an
independent security rating, we are now able to give everyone, from
individuals to enterprises, greater confidence and insight into the
security of ELMAH."

Veracode's recently announced Open Source Ratings Database is a first of
its kind, central repository for security insight into enterprise-class
open source projects such as ELMAH. This effort helps spread adoption and
usage of open source projects, while enabling enterprises to gain an
understanding of the risk/benefit
trade-off of integrating open source.

"Open source software has become a critical component of an enterprise's
overall software portfolio," said Matt Moynahan, CEO of Veracode.
"Veracode's independent security ratings empowers open source project teams
to build more secure code and provides enterprises with insight into the
security of both commercial and open source software before they acquire
and deploy. ELMAH has established a leadership position in the market by
demonstrating the security quality of its software which will drive
continued adoption in enterprise markets."

ELMAH has rapidly become the most popular open source project for adding
centralized error logging and notification to ASP.NET web applications.
Even the best written web applications can have unforeseen issues.
Enterprise and independent developers leverage ELMAH to detect unhandled
exceptions in their web applications to quickly identify and remediate
issues. By taking advantage of ASP.NET's pluggable architecture, ELMAH can
be added dynamically to a running web application without the need for
recompilation or redeployment which makes integration seamless and doesn't
require any downtime.

About Veracode

Veracode provides the world's leading Application Risk Management Platform.
Veracode SecurityReview's patented and proven cloud-based capabilities
allow customers to govern and mitigate software security risk across a
single application or an enterprise portfolio with unmatched simplicity.
Customers include the world's largest and most security aware organizations
in every industry. Recognized as a Gartner "Cool Vendor," The Wall Street
Journal's "Technology Innovation Award," The Banker's "Information Security
Project of the Year" with Barclays, SC Magazine's "Best Vulnerability
Assessment Solution," Information Security "Readers' Choice Award," and
AlwaysOn Northeast's "Top 100 Private Company," Veracode is Software
Security SimplifiedT. For more information, visit www.veracode.com.