Bridging the needs of security and development teams, Veracode introduces a next-generation software security platform

BURLINGTON, Mass.–(COMMERCIAL WIRE)–Veracode, a leading global provider of application security testing (AST) solutions, today announced its Continuous Software Security Platform, which seamlessly integrates application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing development and security teams together to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.

According to Veracode’s latest research, there has been a 20x increase in average scan rate over the past decade, with most apps tested three times a week, up from three times a year a decade ago. The research also showed a 31 percent increase in organizations using multiple types of scanning in the last three years alone.

Today’s leading organizations recognize the need to leverage multiple methods to assess their software, and to do so at all stages of the development lifecycle. Gartner® predicts that “by 2025, 70% of organizations will consolidate the number of vendors securing the lifecycle of cloud-native applications to as few as three vendors.” ¹ This suggests that enterprises are already looking for a comprehensive platform that provides flexible policy management, holistic software risk assessment, and integrated remediation guidance, while simplifying the complexity of managing multiple solutions.

Generalized but not invasive for developers

With increased pressure to build and deploy software at breakneck speed, development teams require security controls to be seamlessly integrated into the tools they work on so they can quickly find and fix vulnerabilities. Meanwhile, security teams must meet increasingly stringent compliance standards set by their boards and regulators. Veracode’s Continuous Software Security Platform is ubiquitous but non-intrusive because it provides a seamless experience for developers by embedding remediation-oriented vulnerability scanning directly into the integrated development environment.

Brian Roche, Product Manager at Veracode, said: “Other vendors in our space have incomplete or disjointed solutions that lack consistent reporting and analytics, leaving customers playing ‘hit a mole’ across different tools. We continue to evolve our platform to create a seamless, integrated experience for developers, as well as to give security teams a holistic view of their software security posture from design through development and deployment. We see this as a win for both the development and security teams that will result in the delivery of more secure software.”

Veracode Continuous Software Security Platform

Veracode Continuous Software Security Platform enables users to define and manage security policy, gain a comprehensive view of software security across their application portfolio, and leverage rich analytics to make informed plans, communicate metrics, adhere to policy, and comply with regulatory requirements. Powered by nearly two decades of data, the platform enables organizations to detect, predict, manage, and ultimately mitigate their security risk. These intelligent capabilities enable enterprises to deliver secure code at the speed and scale expected in today’s world.

The new version of Veracode Continuous Software Security Platform introduces several new capabilities, including:

  • Single Dashboard Reports: Security teams can now access unified reports directly in the portal for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. Administrators and developers now have a consolidated view of security risks, as well as flexible policy controls through stronger license management reports to address issues quickly.
  • Self-Service Peer Benchmarking: With comprehensive data and anonymous information on all platform users, customers now have direct access to reports in the portal, allowing them to easily compare the results of their DevSecOps program with others in their industry. Leveraging many years of data and learning, clients can see how their program metrics stack up and establish plans to address their risk.
  • Software Bill of Materials (SBOM): Security teams can now generate and export SBOMs on demand with a built-in Representational State Transfer (REST) API. This returns data for a specific application in the CycloneDX SBOM format, a standard designed for use in application security contexts and supply chain component analysis. Additionally, API data can be extracted and transformed outside of the Veracode platform.
  • Smart Repair: The Continuous Software Security Platform will leverage technology acquired from Jaroona to detect and remediate software vulnerabilities through machine learning. Recognized by Gartner Research as a “Great Vendor” in 2021, Jaroona outperforms traditional approaches 7-10 times in terms of accuracy, false negative and false positive rates, and reduces the burden on technical resources.

According to Tabrez Naqvi, chief information security and risk officer for Cox Automotive, “The security of our products and services is very important to us, and Veracode helps us ensure that we never lose the trust of our customers.”

For more information on Veracode Continuous Software Security Platform, visit

¹Gartner, Inc., “Predicts 2022: Consolidated Security Platforms Are the Future,” by Charlie Winckless, Joerg Fritsch, Peter Firstbrook, Neil MacDonald, Brian Lowans, December 1, 2021.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.

About Veracode

Veracode is a leading AppSec partner for building secure software, reducing the risk of security breaches, and increasing the productivity of development and security teams. As a result, companies that use Veracode can move their business and the world forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps businesses get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Learn more at www.veracode.com, on the Veracode blog, and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos are the property of their respective owners. All other trademarks cited in this document are the property of their respective owners.
