Sleep Soundly - Use Veracode
Updated March 01, 2024
Sleep Soundly - Use Veracode
Score 10 out of 10
Vetted Review
Verified User
Modules Used
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
Overall Satisfaction with Veracode
Veracode is used across all departments in our organization tasked with creating and/or using software. It helps to ensure that we are up-to-date on the latest security threats, and their consultants help us to quickly resolve any issues we are not able to resolve ourselves. I greatly appreciate that the Veracode platform is incredibly versatile, and helps us get a more holistic view of our security profile. When we first started using it, within minutes it was easy to view where we should focus our fixes. Looking back, this alone was worth every penny.
- Thorough static scans
- Quick but deep dynamic scans
- Detailed reports
- Excellent consultants
- Initial user training could be better; it's very confusing at first.
- More online help
- The UI can be confusing if you have a lot of different products.
- Veracode's tools can perform in a couple of hours what would take us weeks to do.
- Our customers--rightfully--expect a high degree of security from us.
- It's easy to integrate Veracode into a CI pipeline allowing you to catch flaws while the code changes are fresh in your mind.
I prefer using multiple vendors, if not consistently at least a few different times. I like to see the different findings among security vendors. It not only comforting when they find the same flaws, but it also helps to compare one vendor against another (especially if one is lacking compared to the rest). And sometimes a different vendor will point out a flaw for a particular reason that might be worth exploring.
The reporitng and analytic features are very useful, both for new products and established products. For new products, it establishes a baseline from which we can clean up any issues. For established products, it's helpful to see how items featured in the reporting and analytic features have changed over time. Very useful.
Ideally, Veracode is used throughout the software development lifecycle. It helps to establish a baseline and, if possible, eliminate any found issues prior to any piece of software being released.
For established applications, it is also useful. Even if an app has been flawless, new issues may arise if someone discovers a new way to exploit the current software. It is very important to keep up.
For established applications, it is also useful. Even if an app has been flawless, new issues may arise if someone discovers a new way to exploit the current software. It is very important to keep up.
It has been very useful in helping to ensure applications are as secure as possible.
Veracode is more thorough and provides a wider variety of tools than the competition. Support is prompt and very eager to make sure we get the help we need as quickly as possible. If Support can't resolve it right away, they will make sure we are connected to one of their consultants. The consultants are awesome.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Veracode go as expected?
I wasn't involved with the implementation phase
Would you buy Veracode again?
Yes