Veracode Verification Demonstrates CollegeSource Ongoing Commitment to Application Security
SAN DIEGO, May 4, 2020 – CollegeSource, the higher education industry’s most trusted SaaS provider of transfer and degree achievement solutions, today announced its successful participation in Veracode Verified, a program that validates a company’s secure software development processes, for its uAchieve® solutions. With approximately 30 percent of all security breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. Veracode Verified empowers CollegeSource to demonstrate its commitment to creating secure software.
“We strive to provide higher education staff and students with secure applications they can trust. With Veracode Verified, we ensure uAchieve has continuous integration of security throughout its development processes,” said Dale Peters, senior vice president, product development, CollegeSource.
When purchasing software, customers and prospects need confirmation about the level of security that a software product offers. As part of Veracode Verified, CollegeSource demonstrates that its uAchieve Degree Audit and Academic Planning System has undergone rigorous security testing as part of the development practice. Additionally, participating in the program ensures that the software meets a high standard of application security, reducing risk for the customer.
Organizations that had their secure development practice validated and their application accepted into the Standard Tier have demonstrated that the following security gates have been implemented into their software development practice:
- Assesses first-party code with static analysis
- Documents that the application does not allow Very High flaws in first-party code
- Provides developers with remediation guidance when new flaws are introduced
CollegeSource is proud to achieve Veracode Verified Standard status for the uAchieve Degree Audit and Academic Planning System. By supporting student and advisor collaboration in planning an academic career, the cloud-based application ensures students have accurate and personalized information for achieving educational goals. uAchieve Degree Audit is a fully featured solution that tracks student progress and outlines remaining requirements needed for graduation, and uAchieve Planner is an academic planning tool that helps create guided pathways to graduation, leveraging existing audit data. In keeping student and institutional data secure, the investment in application security is a top priority for CollegeSource and is shown through its participation in the Veracode Verified program.
Added Veracode’s Director of Customer Engagement Asha May, “CollegeSource is committed to delivering secure code to help organizations reduce the risk of a major security breach. Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software.”
CollegeSource is the higher education industry’s trusted SaaS provider of transfer and degree achievement solutions. For nearly 50 years, CollegeSource has led market-changing transformation by inventing and investing in technology solutions that aid the staff and students of higher in their quest to plan and complete academic careers. As the archiver of the nation’s extensive higher education course catalogs, CollegeSource’s degree audit, academic planning, and transfer credit evaluation solutions are depended on by more than 2,000 institutions and millions of individuals worldwide. Founded and led by higher education and technology veterans, CollegeSource is a privately-held company based in San Diego with offices in Cincinnati, Ohio. For more information, please visit collegesource.com.
Young & Associates for CollegeSource
“What versions of uAchieve do you support?”
This is a recurring question that rarely has a straightforward answer. We are hesitant to say we do not support any version because we always try to help, regardless of what uAchieve version a client is running. That is especially true of encoding advice, as most of that advice applies to all uAchieve releases—and even DARwin. On the other hand, we have been reluctant to declare that we support all versions because the responsibility of providing technical support requires access to various versions of operating systems, databases, containers, Java, etc., some of which may no longer be supported/available from the vendor.
To achieve more clarity in communicating our support commitments, we have identified three levels of support and three types of support available for each version of uAchieve:
Levels of Support
- Not Supported
Types of Support
The new uAchieve Support Matrix provides a concise visualization of our support commitments by level and type for each version! You may want to take a moment to review the matrix before reading the definitions below for each level and type of support.
The following levels of support are applied in the context of a specific uAchieve version AND the type of support. For example, typically an older uAchieve version has premier functional support, but no technical or patch support. The levels and types of support available are solely a matter of the age and nature of each version. This is not a tiered plan in which you are asked to pay for higher levels of support. If a version has premier functional support, for instance, all clients who pay maintenance or a subscription receive that support.
Premier (Full) Support
Within the constraints outlined by each type of support below, we are committed to resolving support issues raised by clients in a timely manner. “Within the constraints” means, for example, that under Functional Support we would provide advice and guidance about how to resolve an encoding question, and may even provide an example solution. However, our support commitment does not include doing the encoding in your system. We can provide those services, but that would be covered as part of a Services contract.
Due to the age of the release, we may not have access to an operational instance of the uAchieve version in question, or our expertise may be diminished. Under sustaining support, we will do our best to answer questions and resolve issues, but our ability to provide an effective response may be limited.
We no longer provide the type of support in question for the specified uAchieve version.
Functional Support involves answering questions and providing solutions with regard to how uAchieve operates and how an institution’s academic policies could be implemented and enforced within the system.
In short, functional support is encoding support. We will provide end-user and encoding support for all versions of uAchieve to the best of our ability. However, specific solutions may be available in newer versions of uAchieve that are not available in older versions. We are unlikely to ever put an end date on functional support for any version of uAchieve, but as a version ages beyond six years (two major versions behind the current release), our collective familiarity and ability to support that version is diminished.
Technical Support is providing advice and guidance with regard to system installation, configuration, and performance.
The expertise required to answer questions regarding the installation and configuration of the uAchieve Server and web applications is readily available. However, technical support does not include the actual installation on client systems or writing custom code. Again, this kind of direct help is available and may be purchased through a separate Services contract.
Patch Support is providing a software update outside of the normal release schedule for critical issues and security vulnerabilities.
Patches are provided at the discretion of CollegeSource and are only created to fix a bug that does not have a reasonable work-around. In most instances, patches are only created for clients in the middle of a uAchieve upgrade process. Patches are NOT provided for the purpose of adding enhancements to releases prior to their introduction. Also, patches do not run through the full extent of our normal quality assurance testing. Patches should be considered emergency fixes and we will only patch the last available release of a series — stay tuned for more about versions in the May newsletter.
By defining the levels and types of support we provide and mapping them into a uAchieve Support Matrix, we have tried to bring clarity to our commitments and fully answer the question, “which versions of uAchieve do you support?” If you have any questions or feedback, please do not hesitate to contact us.
Next month, we will discuss our streamlined uAchieve versioning and release model.