The Verizon Data Breach Investigations Report points out that vulnerability management and configuration weaknesses are common targets of attackers. Security software vendors are now offering cloud-based software security scanning services in hopes the message will sink in among small and midsize businesses. To meet those needs, Santa Clara, Calif.-based WhiteHat offers Sentinel for SaaS-based Web application scanning. Meanwhile, Burlington, Mass.-based Veracode sells a SaaS-based application code analysis service and is seeking channel partners. Industry analysts say the cloud-based services are increasingly used by businesses that don't have the deep pockets to invest heavily in a software security program.