Great In-Depth Analysis of In-House Applications
March 15, 2024

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Software Composition Analysis (SCA)
  • Dynamic Analysis (DAST)
  • Developer Training
  • Static Analysis (SAST)

Overall Satisfaction with Veracode

Within our organization we have a large portfolio of applications written over many years by many different developers. As part of our continuous improvement and dedication to security we have integrated Veracode's static code analysis platform into our process of monitoring and reviewing our portfolio, greatly increasing our coverage. As a company with smaller development teams we greatly value resource efficiency, and tools which can improve it; to this extent our developers can utilize their time effectively remediating important flaws the platform discovers, and our organization can feel assured that our focus on security continues to evolve and grow.
  • Veracode's static code analysis platform provides in-depth information as well as very useful suggestions regarding mitigation for flaws it discovers. This is very helpful in assisting developers towards a speedy and complete mitigation.
  • Veracode does well to keep connected with their customers, ensuring the success of their customers on their platform is evidently one of their goals which they hold highly. This responsiveness continues into their technical support which is both helpful and fast to respond.
  • Veracode continues to update their platforms, their capabilities, and their research often; the promise of continuous improvement from all facets provides value to us as an organization.
  • We would like to see Veracode continue to improve the integrations available, particularly with respect to .NET IDEs. Part of our development team uses JetBrains' Rider which is, as of this time, unsupported for static integration.
  • We would also like to see Veracode continue to improve their dynamic scan offerings; with the recent addition of DAST Essentials we feel this improvement may come sooner than later.
  • Veracode's platform has had a very positive impact on our security posture, paving the path towards having coverage monitored automatically on hundreds of internal applications throughout the development lifecycle.
  • Veracode's platform has also had a very positive impact on improving the security knowledge of our development team, providing meaningful feedback as well as training options to reduce mitigation time and help to prevent flaws before they are created.
While consolidating solutions through one vendor can present potential cost-savings and a cohesion between services, we also feel that it is important to ensure that our security posture involves multiple parties or vendors as it may serve to reduce the possibility of any particular party having blind spots in the coverage or knowledge through the services that they provide. To this extent we do investigate the offerings from multiple vendors, and continue to review how they change over time.
The reporting and analytic features are critical to any security program, with ours being no exception. Being able to report various statistics and metrics, especially in condensed formats as Veracode helps to provide, is something that we feel is very important especially in regards to more executive management. This helps to transform the work we perform in our development security practices into a more tangible form of numbers for our decision-makers. To this extent we use both the reporting dashboards as well as the individual report exports to provide up-to-date information to relevant parties.
We use Veracode in all stages of development, from the time a project is envisioned and first created to the maintenance life stage of an application. Through automation and integration with our development tooling we can continue to perform scans through this entire lifecycle, and continue to monitor the application after it has been released.
Veracode has had a very positive impact on our development process, both through detecting and helping to mitigate flaws if they are written as well as promoting a continuous improvement in the knowledge of our developers to prevent flaws from being created in the first place.

Do you think Veracode delivers good value for the price?

Yes

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

Within our organization it is clear that when a codebase is available, and in a language that Veracode supports, the use of Veracode (with a particular focus to the static scanning platform) is a great suggestion. The depth of information it can provide with respect to security flaws is valuable, with very little setup required from the developers. When a codebase is unavailable, say in the instance of third-party applications for which you are creating extensions or some form of module, then static code scanning is not an option but even then dynamic scanning (DAST) may prove to be helpful, though potentially less so.