We use Moodle 2.4.4+ right now for company training. Up to this point the site has been an internal site with no way for employees to access training from home. Our management wants to open this up for use at home and has asked me to work with our IT and Security groups to make this happen. When I first talked to our security manager he talked about having to do a vulnerability scan through veracode and then asked what the codebase was, I told him PHP and he just laughed and said that it would never pass.
My question to the community is this; how indepth a scan does veracode do and should I be worried about Moodle not passing this scan?