Veracode's Latest Reporting Innovation Breaks Negative Paradigms Associated with Secure Application Development
Much has been written about the combative relationship that often exists between security professionals and their software development counterparts. If you consider the number one job of a security professional is to place the developer's code under a microscope and highlight each and every flaw, you can appreciate there may be some tension. Most of the solutions leveraged by security professionals to test developer code only offer assessments of what they did wrong. Veracode, Inc., the leader in cloud-based application security testing, believes this approach is increasingly counterproductive. In response, the company today announced the release of new reporting features in the Veracode Platform that highlight successful use of security best practices by developers.
Veracode's new reporting capability delivers positive, actionable reports when developers successfully use best practices to eliminate vulnerabilities, while still providing the actionable recommendations for writing secure code that enables Veracode customers to rapidly fix flaws to achieve policy compliance.
“For too long, security testing has only highlighted what developers did wrong and not what they did right,” said Wendy Nather, research director, Enterprise Security Practice, 451 Research. “Veracode's new reports put an application's security weaknesses alongside its security strengths, giving a balanced look at how well a development team is building in security.”
Veracode's new reporting features transform the developer experience and enable organizations to solve the application security challenge in a fundamentally different and better way. With the prevalence of common vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS) errors, organizations are keen on implementing security measures to ensure their application portfolio is secure. Veracode's new reports remove the negative and often counterproductive feedback associated with the software development lifecycle and encourages developers to leverage verification tools to decrease the prevalence of insecure code and ensure the security of software applications.
“Developer adoption of testing services is difficult and the feedback from our customers was consistent—they wanted to empower their developers with a new form of reporting while ensuring the security of their software applications,” said Tim Jarrett, director of product management, Veracode. “The Veracode platform transforms the developer experience by providing positive feedback when developers have successfully protected against vulnerabilities, and offers managers and CISOs a more effective way to track positive progress and roll out new security services.”
Available to all current Veracode customers, the new reporting feature offers CISOs an easier, more transparent approach to tracking upwards quality trends within the organization's application portfolio. It enables developers to receive positive feedback at the onset to ensure they're continuing to write secure code and gaining actionable remediation recommendations.
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide including Global 2000 brands such as Barclays PLC and Computershare as well as the California Public Employees' Retirement System (CalPERS) and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the Veracode Blog.
Copyright © 2012 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
Whitney Parker, +1 617-986-5011