Abstract: A web service vulnerability metadata exchange system that provides for verification of web services during development by testing for the latest vulnerabilities based on security, policy, and best practice profiles prior to release of the web services, and wherein the web service vulnerability metadata exchange system will automate the surveillance of deployed web services so that new vulnerabilities are profiled and captured for use in verifying new software releases, wherein the system includes a metadata registry coupled to a database including vulnerability metadata, an update manager for updating the database records, and an access manager for authenticating and/or authorizing access to the database records.