REQUIREMENT:

Submit one or more description documents, preferably in text or pdf format, with the following information.
    * Relevant details about the environment in which you ran the tool, including the OS, version of compiler, etc.
    * For each run, note whether it used the tool in default or customized configuration. For each custom run, specify all affected settings (including command line options, configuration files and custom rules) in enough detail so that the run can be reproduced. If certain settings, such as custom rules, are in special format, please submit them in separate file(s).
    * For each run, note if annotations were manually added to the code of the test cases. If so, submit the annotated test case, either only the affected files or the complete test case.

RESPONSE:

These results were produced by the Veracode SecurityReview service as of July 12, 2010 in default configuration (the only possible configuration).  SecurityReview is delivered using Software as a Service (SaaS).  Binary executable code or bytecode with debug symbols is uploaded to the Veracode Analysis Center.  The code is then analyzed for weaknesses. Before the results are available on the Veracode Analysis Center portal, a human quality review is performed to remove anomalies such as high false positives in a particular weakness category.  This quality review does not add any new results.  This quality review is repeatable and always performed for any submission to the Veracode SecurityReview service.  SATE test cases were processed like any customer job without any additional attention or treatment.
