The 2010 Gartner Magic Quadrant for Static Application Security Testing (SAST) has been published and Veracode is recognized as a leader. We are pleased to be able to share the leaders position with IBM and HP, two of the biggest and oldest companies in information technology. I am very proud of the work the Veracode team has been able to accomplish as a 4.5-year-old company.
Getting our service to the performance level where it is today has taken many hard-earned lessons. These were learned while satisfying the application security testing needs of some of the biggest and most sophisticated software vendors and largest enterprises in the world. We also learned plenty by performing security testing for small organizations getting their feet wet in application security for the very first time. The beauty of a SaaS security testing service is that all customers, from a global Fortune 50 company to a 2-person software shop, get the same reliable, repeatable, easy-to-use service. We don’t blink when a large company says they need 100 apps analyzed in 100 days or when 100 small organizations each need 1 app analyzed.
Being recognized as a SAST leader is a significant milestone, but we are not satisfied and we are not standing still. We will have some exciting new announcements in January which will make it even easier for anyone to get an application analyzed. It will take only a few clicks to get an account, upload your application binary, and view test results. Printing pictures online through a photo service is more complicated. Our platform support will continue to grow to handle new languages and more types of mobile apps. We will continue to get more accurate (fewer false positives and more true positives) every day, as we tune our analysis engine to the world’s software codebase. The community effect of SaaS allows us to use the collective intelligence gathered from all our customers to create the most accurate analysis possible. We will continue to grow our integration from our cloud API to on-premise systems: IDEs, bug tracking/quality systems, and GRC dashboards. We won’t stop until every application is security tested quickly, inexpensively, and accurately, with nothing more than a browser or IDE.
A full copy of the Gartner Magic Quadrant for Static Application Security Testing report is available for download: [the report should be available soon]
Written by: Chris Wysopal