Veracode Continuous Software Security Platform helps organizations mitigate their security risks

Veracode announced its Continuous Software Security Platform, which seamlessly integrates application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing development and security teams together to provide a broad understanding of risks, remediation guidance, and progress at every stage of the development process.

According to the latest research from Veracode, the average scan throughput has increased 20-fold over the past decade, with most applications being tested three times a week, up from three times a year a decade ago. The research also showed a 31% increase in the number of organizations using multiple types of analytics in the last three years alone.

Today, leading organizations recognize the need to leverage multiple methods to evaluate their software and to do so at all stages of the development lifecycle. Gartner predicts that “by 2025, 70% of organizations will consolidate the number of vendors securing the cloud-native application lifecycle to no more than three vendors.” This suggests that enterprises are already looking for a comprehensive platform that offers flexible policy management, holistic software risk assessment, and built-in remediation guidance, while simplifying the complexity of managing multiple solutions.

Omnipresent but not invasive for developers

With increased pressure to build and deploy software at breakneck speed, development teams need security controls to be seamlessly integrated into the tools they work on so they can quickly find and fix vulnerabilities. Meanwhile, security teams must meet increasingly stringent compliance standards set by their boards and regulators.

Veracode’s Continuous Software Security Platform is pervasive but not invasive, providing a seamless experience for developers by integrating vulnerability scanning with remediation guidance directly into the integrated development environment.

Brian Roche, Chief Product Officer at Veracode, said, “Other vendors in our space have incomplete or disjointed solutions that lack consistent reporting and analytics, leaving customers playing a game of hitting a mole on different tools. We continued to evolve our platform to create a seamless and integrated experience for developers, as well as to provide security teams with a holistic view of their software security posture from design through development and deployment. We see this as a victory for the development and security teams that will result in the delivery of more secure software.”

Veracode Continuous Software Security Platform

The Veracode Continuous Software Security Platform enables users to set and manage security policy, get a complete view of software security across their application portfolio, and leverage rich analytics to build informed plans, report metrics, comply with policy and meet regulatory requirements.

Powered by nearly two decades of data, the platform enables organizations to detect, predict, manage and ultimately mitigate their security risks. These intelligent capabilities enable enterprises to deliver secure code at the speed and scale expected in today’s world.

The new version of Veracode Continuous Software Security Platform offers several new features, including:

  • Single screen reports: Security teams can now access unified reports directly in the portal for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. Administrators and developers now have a consolidated view of security risks, as well as flexible policy controls with stronger license management reporting to quickly resolve issues.
  • Self-service peer benchmarking: With complete data and anonymized information on all platform users, customers now have direct access to reports on the portal, allowing them to easily compare the results of their DevSecOps program against others in their area. By tapping into years of data and learning, clients can see how their program metrics stack up and make plans to address their risks.
  • Software Bill of Materials (SBOM): Security teams can now generate and export SBOMs on demand with an integrated REST (Representational State Transfer) API. This returns data for a specific application in the CycloneDX SBOM format, a standard designed for use in application security contexts and supply chain component analysis. Additionally, API data can be extracted and transformed outside of the Veracode platform.
  • Smart correction: The Continuous Software Security Platform will leverage technology acquired from Jaroona to detect and remediate software vulnerabilities through machine learning. Jaroona, which was recognized by Gartner Research as a “Cool Vendor” in 2021, outperforms traditional approaches by 7-10x in accuracy, false negative and false positive rates, and reduces the burden on technical resources.

According to Tabrez Naqvi, Director of Information Security and Risk at Cox Automotive, “The security of our products and services is very important to us, and Veracode helps us ensure that we never lose the trust of our customers.”
