Overall Satisfaction with Veracode
We use Veracode in four ways:
- As part of our software development process where we scan 35 applications with Static Application Security Testing and Software Composition Analysis to detect and resolve security exposures prior to General Availability releases. These scans are automated to run multiple times per week.
- At GA we deploy and run our hosted applications in security test environments while executing Dynamic Application Security Testing to ensure our systems remain secure.
- During operations in our hosted environments we engage manual Penetration Testing from Veracode to complement our security program.
- Finally, we use Static Application Security Testing and Software Composition Analysis to evaluate customer-requested modifications prior to delivery and deployment into production environments.
- Software as a service is the primary strength which results in a highly supported program.
- Very effective program management focused on quick ramp up and continuous improvement for sustained business value.
- Highly effective technology, which most would identify first. In our case, it is assumed the technology provider is superior, making the service and program management key differentiators.
- The leadership team, who created a very effective approach to securing software, brings credibility to the table. They remain accessible and offer guidance and support to our executive team.
- The only suggestion I have is for them to establish a Security Consulting arm where customers could engage them, as a paid service, for establishing overall security programs. With that said, Veracode is very generous with their time even if not being paid.
- Mention of Veracode during customer sales meetings is always received very positively. For closing deals, security-related friction is removed.
- Automated scanning with high frequency drives flaw management cycle times to a minimum. Reduction in labor to run scans, low false positive rate drives engineering efficiency, and high frequency reduces/eliminates escape rate resulting in cost avoidance due to "rework."
- Defending our solutions' security becomes a non-event. We find most customer-based scanning is plagued with high false positive rates due to ineffective configuration or poor technology. We simply state our approach with Veracode and no longer review customer-initiated reports. Many customers become very interested in how Veracode avoids false positives.
Software as a service is a key factor. Programs are easy to establish and quick to ramp up. Low false positive rates mean lower engineer fatigue and frustration. Data path exposure makes resolution obvious and easier. Other providers tend to sell technology and many times do not provide support (guidance) after the sale, or they depend on third-party organizations to attempt to do so. Veracode provides the entire package from creation to implementation.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes