Bridging the Needs of Security and Development Teams, Veracode Unveils Next-Generation Software Security Platform
Veracode, a leading global provider of application security testing (AST) solutions, today announced its Continuous Software Security Platform, which seamlessly embeds application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220504005671/en/
Fig. 1 The Veracode Continuous Software Security Platform (Graphic: Business Wire)
According to Veracode’s latest research, there has been a 20x increase in average scan cadence over the past decade, with most applications tested three times per week, as opposed to three times per year a decade ago. The research also showed a 31 percent increase in organizations using multiple scan types over the last three years alone.
Today, leading organizations recognize the need to leverage multiple methods to assess their software and do so across all stages of the development lifecycle. Gartner® predicts that “by 2025, 70% of organizations will consolidate the number of vendors securing the lifecycle of cloud-native applications to a maximum of three vendors.” ¹ This suggests companies are already looking for a comprehensive platform that provides flexible policy management, a holistic assessment of software risk, and integrated remediation guidance, while simplifying the complexity of managing multiple solutions.
Pervasive but Not Invasive for Developers
With increased pressure to build and deploy software at breakneck speed, development teams require security checks to be seamlessly integrated into the tools where they work so they can find and fix vulnerabilities quickly. Meanwhile, security teams must meet increasingly stringent compliance standards defined by their boards and regulatory bodies. Veracode’s Continuous Software Security Platform is pervasive but not invasive because it provides a frictionless experience for developers by embedding vulnerability analysis with remediation guidance directly into the integrated development environment.
Brian Roche, Chief Product Officer at Veracode, said, “Other vendors in our space have incomplete or disjointed solutions that lack consistent reporting and analysis, leaving customers playing a game of ‘whack a mole’ across different tools. We have continued to evolve our platform to create a seamless and integrated experience for developers, as well as provide security teams with a holistic view of their software security posture from design, through development and deployment. We see this as a win for both development and security teams that will result in the delivery of software that is more secure.”
Veracode Continuous Software Security Platform
The Veracode Continuous Software Security Platform enables users to define and manage security policy, gain a comprehensive view of software security across their application portfolio, and leverage rich analytics to make informed plans, communicate metrics, comply with policy, and meet regulatory requirements. Powered by almost two decades of data, the platform enables organizations to detect, predict, manage, and, ultimately, mitigate their security risk. These intelligent capabilities empower companies to deliver secure code at the speed and scale expected in today’s world.
The new Veracode Continuous Software Security Platform release features several new capabilities including:
- Single-Pane-of-Glass Reporting: Security teams can now access unified reporting directly in the portal for Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Testing. Administrators and developers now have a consolidated view into security risks, as well as flexible policy controls through stronger license management reports to address issues quickly.
- Self-Service Peer Benchmarking: With comprehensive data and anonymized insights across all platform users, customers now have direct access to reports on the portal, which enable them to easily benchmark their DevSecOps program results against others in their industry. Tapping into many years of data and learning, customers can see how their program metrics stack up and establish plans to address their risk.
- Software Bill of Materials (SBOM): Security teams can now generate and export SBOMs on demand with an integrated representational state transfer (REST) API. This returns data for a specific application in CycloneDX SBOM format—a standard designed for use in application security contexts and supply chain component analysis. Additionally, data from the API can be mined and transformed outside of the Veracode Platform.
- Intelligent Remediation: The Continuous Software Security Platform will leverage technology acquired from Jaroona to detect and remediate software vulnerabilities through machine learning. Jaroona, which was recognized by Gartner Research as a “Cool Vendor” in 2021, outperforms traditional approaches by 7x to 10x in terms of accuracy, false negatives, and false positive rates, and reduces the burden on technical resources.
According to Tabrez Naqvi, Director of Information Security and Risk at Cox Automotive, “The security of our products and services is very important to us, and Veracode helps us ensure that we never lose our customers' trust and confidence."
For more information on the Veracode Continuous Software Security Platform visit https://www.veracode.com/platform.
¹Gartner, Inc. ”Predicts 2022: Consolidated Security Platforms Are the Future” by Charlie Winckless, Joerg Fritsch, Peter Firstbrook, Neil MacDonald, Brian Lowans, 1 December 2021
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
For more information, please contact:
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
PwC Belgium and BR-AG Collaborate on Agile Platform to Unlock Value Behind Regulatory Reporting18.5.2022 11:03:00 EEST | Press release
As regulatory reporting requirements become more complex and regulators become more demanding on the data quality, financial institutions must deal with time-consuming regulatory reporting processes and manage the associated risks. Tapping into this challenge, PwC Belgium, with the support of technology-collaborator BR-AG, developed Regulatory Reporting Insights, powered by BR-AG’s ATOME Matter and ATOME Particles solutions. “I am excited about the opportunities this improved collaboration with our trusted technology partner BR-AG will bring. This allows financial institutions not only immediate access to an increased level of trust in their regulatory reporting but also to unlock the insights their regulatory reporting contains that was previously only accessible to supervisors.” Jeroen Bockaert, Partner and Product & Services Leader at PwC Belgium “It is truly inspiring that our collaboration with PwC has coined into developing this cutting-edge, data-driven tool. As technology exper
FourKites Hires Supply Chain Veteran in Europe, Underscoring Significant Growth in International Ocean Visibility18.5.2022 11:00:00 EEST | Press release
Philippe Salles has been appointed FourKites’ Vice President of Strategic Solutions (Ocean), bringing a wealth of experience to this booming area of the company’s business. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220518005080/en/ Philippe Salles has been appointed FourKites’ Vice President of Strategic Solutions (Ocean). (Photo: Business Wire) “I’m delighted to be joining FourKites,” says Philippe, who brings experience from CMA CGM, INTTRA and maritime research and consultancy firm Drewry. “Visibility has been ocean shippers’ top priority for decades, and today’s real-time visibility platforms have completely changed the game. In addition to its market-leading machine learning-driven platform, FourKites understands that industry mindset and professionalism are as important as the technology itself. We need to provide shippers with a long-term strategic vision for their supply chain to make them resilient and collabor
Virtual Exhibitions of 23 Museums Lands on the Alipay Platform to Enhance Engagement with Mobile-Savvy Audience18.5.2022 10:46:00 EEST | Press release
On International Museum Day 2022, 4DAGE announced it landed virtual tours and exhibitions of 23 museums, including the historic Henan Museum and Zhejiang Provincial Museum in China and the Hetjens Museum in Germany, through a mini program on Alipay, the leading digital open platform. The collaboration between 4DAGE and Alipay provides China’s mobile-savvy audience an opportunity to better engage with and learn about the museums’ rich histories. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220518005528/en/ A large bronze mask from China’s “Sanxingdui Ruins” displayed in the Sichuan Museum’s Bronze Age exhibition; from the virtual tour on the Alipay platform (Photo: Business Wire) The mini program “Yunshang Mibao” (translated as “treasure hunting on the cloud”) launched on the Alipay platform provides users an immersive museum-visiting experience at their fingertips. They can appreciate the beauty of cultural relics in 3D an
REPLY – Digital Experience Is Recognised as No. 1 Internet Agency and Company Group for the Fourth Year in a Row by BVDW18.5.2022 10:30:00 EEST | Press release
As done in the previous three years, the Bundesverband Digitale Wirtschaft (BVDW) honours Reply – Digital Experience once again as the top company in their ranking of Internet Agencies for 2022. This recognition shows Reply – Digital Experience’s capability to offer technical solutions in conjuction with creative agency services and the right customer experience strategies. In addition, Reply – Digital Experience saw an increase in sales and their staff in the past financial year as a result of both continuous organic growth and the acquisition of Comwrap, a company headquartered in Frankfurt, specialised in cloud-based digital experience platforms. “To implement a holistic digital experience strategy it is essential to have the interplay of marketing and technology, outstanding creative ideas and a deep understanding of user needs. This involves the use of technology stacks and concepts such as artificial intelligence, virtual and augmented reality, data-driven marketing and conversat
Metanomic Acquires Intoolab, Developers of the First Bayesian Network Artificial Intelligence Engine18.5.2022 10:30:00 EEST | Press release
Today, Metanomic (https://www.metanomic.net/) announces it has acquired Intoolab A.I (https://www.intoolab.com/) , a Bayesian Network Artificial Intelligence company, to expand and to improve data analysis and A.I across video games and Web3. This acquisition augments Metanomic’s current game economy infrastructure that allows developers to build, simulate and run balanced game economies and core gameplay loops in a live, real-time environment. The addition of artificial intelligence helps developers create better experiences through intelligent insight from player behaviour in run-time. As a part of the acquisition the existing solution will be rebranded to Thunderstruck and extend the capabilities of the Metanomic Engine. A more intelligent approach to video game development and Web3 analytics Thunderstruck is based on a new approach to artificial intelligence that is not based on off the shelf machine learning algorithms but a powerful combination of Deep Learning and Dynamic Bayesi
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.Visit our pressroom