Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers
Black Hat (booth #2428) – Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/
Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)
Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”
Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.
Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.
Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”
Notable updates to the Veracode Continuous Software Security platform include:
SBOM for SCA
- With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.
IDE and Integrations for SCA
To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.
- The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
- The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks
Expanded Frameworks and Languages Support for Static Analysis
- The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony
Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”
Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.
*Veracode State of Software Security Report v12, February 2022
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
Press and Media
Head of Global PR, Veracode
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Seoul Semiconductor Participates in the World’s Biggest Lighting Expo Held in Germany to Showcase its High-Efficiency & Performance LED Lighting Systems30.9.2022 11:00:00 EEST | Press release
Seoul Semiconductor Co., Ltd. (KOSDAQ: 046890), a globally recognized optical semiconductor manufacturer, takes part in ‘Light + Building 2022’ held in Frankfurt, Germany, from October 2 to 6, 2022 to unveil its high-efficiency and high-performance LED lighting solutions. This lighting festival is one of the world’s largest lighting expos attended by more than 200,000 visitors from 55 nations in the world. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220930005011/en/ [Photo] Seoul Semiconductor’s Booth for ‘Light + Building 2022’ (Photo: Business Wire) Seoul Semiconductor is expected to showcase differentiated lighting systems including ‘WICOP technology-based high-efficiency lighting solutions’ and ‘SunLike technology for reproducing natural light.’ WICOP high-efficiency lighting systems are mid- and high-power solutions that are mainly applied to landscape & horticulture lighting and street lamps. They outperform existin
Turkey is Calling Europe for Flight Trainings30.9.2022 10:30:00 EEST | Press release
Alfa Holding’s Aviation Services, Turkey’s rapidly growing private aviation services company, has met with leaders from European capitals to promote Turkey as a leading European flight training hub. Turkish civil aviation has received significant investment in recent years, developing into an important center for Europe in terms of civil aviation training. Turkey’s climate conditions and its first-rate, state-of-the-art equipped airports mean Turkey is vying with other countries to become a top aviation training hub in addition to offering other aviation-related businesses. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220930005023/en/ Turkey is calling Europe for flight trainings (Photo: Business Wire) Alfa Aviation Services Chairman of the Board Mehmet Fatih Pakır, at his recent visit to France engaged in bilateral meetings with industry peers, commenting, “We are planning to cooperate with the European civil aviation aut
Enlighted Ushers in New Era of Smart Building IoT Data and Space Intelligence30.9.2022 10:01:00 EEST | Press release
Today Enlighted, a leading proptech company, released a curated portfolio of smart IoT building solutions to create customer value and further enable sustainable enterprises across industries and geographies. According to analyst firm Verdantix1, 75% of firms will use IoT data for space utilization monitoring. The solutions announced today, part of Siemens' open business platform Xcelerator, elevate the use of IoT building data to a new level of functionality for leaders seeking to improve productivity of their operations and to reach carbon neutrality. “We anticipate our new solutions and alignment with Siemens Xcelerator business platform will enable our customers to leverage their building’s IoT and activity data to vastly improve processes and decisions around the interactions of people and their spaces,” said Stefan Schwab, CEO, Enlighted. “Additionally, we will help them further transform their real estate portfolios with a focus on long-term sustainability to meet ESG goals. ” S
L&T Technology Services Joins Hands with Qualcomm to Provide Solutions for the Global 5G Private Network Industry30.9.2022 10:00:00 EEST | Press release
L&T Technology Services Limited (BSE: 540115, NSE: LTTS), a leading global pure-play engineering services company, today announced that it is collaborating with Qualcomm Technologies, Inc. to deploy end-to-end solutions for the global 5G Private Network Industry utilizing their combined core expertise in the Hi-Tech & Telecommunication domain. LTTS and Qualcomm Technologies will bring together core competencies in telecommunication solutions and services for the benefit of end-customers in the manufacturing and warehousing/logistics sector. As the demand for a connected world continues to grow rapidly, LTTS engineers are leveraging LTTS’ chip-to-cloud expertise to unleash the power of 5G and transform global manufacturing and supply chain processes. Qualcomm Technologies, an industry leader in 5G globally, is accelerating the expansion of 5G connectivity, and its end-to-end domain expertise is enabling the growth of the broader technology ecosystem spanning 5G Private Network RAN, devi
TRAWELL CO S.P.A. Confirms That Consumer Spending Is Strong in Airports Worldwide30.9.2022 09:05:00 EEST | Press release
The Board of Directors of TraWell Co S.p.A. (Euronext Growth Italia, ticker: TWL), which met yesterday afternoon, approved the consolidated half-yearly financial report as of 30 June 2022, which shows that passengers’ spending in airports is very strong. The group registered the following results for H1 2022: REVENUES of € 10.9 million, an increase of € 3.7 million (+ 52%); EBITDA equal to + € 2.0 million, up by € 2.2 million; NET PROFIT equal to + € 2.0 million, an increase of € 2.6 million. The revenues of 10.9 million euros (+ 52%) show a strong improvement of the spending environment compared to 2021. The analysis of Group’s revenues by geographical area confirms an ideal international diversification in H1 2022, with America as the first market of the Group with approximately 50% of revenues , Europe with 28% as the second market and Asia with approximately 22% of revenues. Rudolph Gentile, President and CEO of the TraWell Group: "Demand is high, and the industry is rebounding as
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.Visit our pressroom