Business Wire

Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers

Share

Black Hat (booth #2428) Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)

Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”

Facilitating DevSecOps

Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.

Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.

Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”

Notable updates to the Veracode Continuous Software Security platform include:

SBOM for SCA

  • With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.

IDE and Integrations for SCA

To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.

  • The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
  • The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks

Expanded Frameworks and Languages Support for Static Analysis

  • The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony

Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”

Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.

*Veracode State of Software Security Report v12, February 2022

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Press and Media
Katy Gwilliam
Head of Global PR, Veracode
kgwilliam@veracode.com
+44.7584.341.110

About Business Wire

Business Wire
Business Wire



Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Mary Kay Awards Education Grant to Young Woman Aspiring to Become First Latin American Woman Astronaut to Visit Mars5.10.2022 23:40:00 CEST | Press release

As a decades-long leader in women’s empowerment and innovative science, Mary Kay celebrates young women who are taking charge of their futures through leadership, innovation, and determination to excel in STEAM fields. Women make up only 28% of the workforce in science, technology, engineering, and math. [1] By offering continued support to young women in STEAM fields, they are continuing Mary Kay’s mission, which is to improve women's lives everywhere. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221005005835/en/ Mary Kay is committed to inspiring young women making tremendous contributions to STEAM fields to continue to pursue their dream. (Photo: Mary Kay Inc.) “More young women gaining access to STEAM education leads to an increase in women embracing careers in those fields. In turn, this provides access to more equal opportunities for women, narrows the gender pay gap, bolsters economies, and eliminates bias in scient

300 Rimini Street Employees Will Gather in Las Vegas to Handmake 500 Fleece Blankets for Local Foster Children, Shelter Pets, and Homeless Youth5.10.2022 23:09:00 CEST | Press release

Rimini Street, Inc. (Nasdaq: RMNI), a global provider of enterprise software products and services, the leading third-party support provider for Oracle and SAP software products and a Salesforce partner, today announced that on October 6, 2022, over 300 Rimini Street employees gathered in Las Vegas will handmake 500 fleece blankets for local foster children. The blankets will then be donated to Clark County (Nev.) Department of Family Services and Foster Kinship, a Las Vegas-based non-profit. The volunteers will also craft 100 smaller blankets to be donated to the Las Vegas SPCA for animals waiting for their forever homes. The remaining fabric will be donated to volunteer quilters who sew garments for local homeless youth. The 500 blankets will be part of the supply package for recently appointed guardians to gift to the child upon arrival, helping them feel welcome during their critical adjustment phase. The fleece fabric used for the blankets is adorned with children’s characters and

Pyramid Analytics Formalizes US Federal Business Practice5.10.2022 21:04:00 CEST | Press release

Pyramid Analytics (Pyramid), a pioneering decision intelligence platform provider, today announced a new business practice dedicated to the specific needs of U.S. federal agencies. Led by a team of experts with a deep background in the federal market segment, Pyramid’s Federal Business Practice builds on the company’s success with federal agencies such as the U.S. Department of Veterans Affairs (VA) and strengthens its focus and commitment to providing the U.S. Federal Government and federal partners with sales, technical expertise, and services to deploy Decision Intelligence for strategic uses at scale. Key Points: Decision Intelligence enabled by AI and Machine Learning (ML) can modernize the delivery of critical public services, including healthcare, homeland security, and defense in the US federal market segment. President Biden’s Fiscal Year (FY) 2023 Budget proposes spending $65 billion on IT for civilian federal agencies and prioritizes IT Modernization, Cybersecurity, and Digi

Brijesh Jeevarathnam to Succeed Kelly Meldrum as Global Head of Fund Investments at Adams Street Partners5.10.2022 15:00:00 CEST | Press release

Adams Street Partners, LLC, a private markets investment firm with more than $50 billion of assets under management, announced today that Brijesh Jeevarathnam will be promoted to Partner & Global Head of Fund Investments. Jeevarathnam, who joined Adams Street as a Partner in Primary Investments in 2016, will also become a member of the firm’s Executive Committee as part of his new role. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221005005265/en/ Brijesh Jeevarathnam has been promoted to Partner & Global Head of Fund Investments of Adams Street Partners. (Photo: Business Wire) Jeevarathnam succeeds Kelly Meldrum, who is retiring after 17 years as a Partner & Head of Primary Investments at the firm. Meldrum will transition her duties at year-end and will make herself available through the end of Q1 2023. “Over her long tenure with Adams Street, Kelly has made innumerable contributions to the firm, not the least of which wa

NetWitness Launches White Hat Wednesdays Conversation Series5.10.2022 15:00:00 CEST | Press release

NetWitness: DATE & LOCATION: To register, visit the White Hat Wednesdays link here. Wednesday, October 19 at 11:30am ET Wednesday, November 16 at 11:30am ET More dates to be announced WHAT: NetWitness will be launching White Hat Wednesdays, a series of discussions exploring the latest cybersecurity threats enterprises face today, with the first session kicking off on October 19. Cybersecurity experts will share their personal experience regarding the evolution of today’s attacks and the steps incident response teams are taking to detect, mitigate, assess, and remedy these situations. The first topic will focus on threats to the financial industry and FIN13, a threat actor that targets this vertical. The discussion will include how these types of groups operate as well as what an attack on financial technology looks like. WHO: The following spokespeople and executives will be leading the discussions: Stefano Maccaglia, Practice Manager, NetWitness Incident Response Will Gragido, Head of

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom