Analyst Reports

Released on 6 August 2015

Veracode is a Leader in the Magic Quadrant

Read the "Magic Quadrant for Application Security Testing" (July 2015) to learn whether your organization has the right technologies and processes to effectively reduce application-layer risk across the enterprise.

Gartner, Inc. 2015 “Magic Quadrant for Application Security Testing” by Neil MacDonald, Joseph Feiman. 6 August 2015

Awareness is growing around the importance of application security, particularly when the software comes from third parties. At the same time, CISOs trying to address that risk are facing a maze of technical, legal and organizational constraints.

Cyberattacks cost UK businesses £18 billion in lost revenue and £16 billion in increased IT spending per year as a result of breaches. And the issue is widespread — 81 percent of UK businesses reported a breach in 2014.

As software applications are increasingly distributed through cloud and mobile platforms, the risk of vulnerabilities affecting enterprises rises. Both builders and defenders of apps are well aware that these new types of applications—and the languages and frameworks they are developed in—pose substantial, complex risks.

Forrester Consulting conducted research on the benefits independent software vendors realize using Veracode and found a three-year, risk-adjusted 131% return on their investment and a 68% reduction in security vulnerabilities.

The Forrester “Planning for Failure” report offers practical guidance to create a breach response plan that will help your enterprise respond quickly and appropriately to minimize damage.

Forrester predicts that in 2015 “at least 60 percent of organizations will suffer a security breach.”

Learn how a G2000 financial services company secured its critical outsourced and internally-developed applications with Veracode’s cloud-based service – and generated a 3-year ROI of 192 percent.

Released on 1 July 2014

Veracode is a Leader in the Magic Quadrant

Read the "Magic Quadrant for Application Security Testing" (July 2014) to find out why there is a critical need to reduce risk in Web, cloud and mobile applications.

Gartner, Inc. 2014 “Magic Quadrant for Application Security Testing” by Neil MacDonald, Joseph Feiman. July 1, 2014

Released on October 16th, 2012

Former CISO Wendy Nather explains how Veracode's SaaS offering "takes both effort and cost away from the enterprise CISO" and "lowers the barriers to appsec testing."

This independent report details the unique advantages of Veracode's binary static analysis technology for testing third-party applications. It describes how Veracode's cloud-based platform and program management service address the scale and complexity challenges of reducing third-party software risk enterprise-wide, and provides a SWOT analysis of the Veracode VAST Program.

Released February 2014

The second SANS Institute survey on application security programs and practices asks a number of pertinent questions. The maturity and effectiveness of application security programs are examined, as well as developer training, application security spend and what the future holds. Download to find out what organizations are doing about the risks posed by their web, database, mobile and cloud applications.

The survey identifies a number of trends within application security, including:

1. How widespread are application security programs?

2. How effective are these programs?

3. What practices and tools are organizations relying on most today, and what are they finding the most useful?

4. How is secure coding training for developers being done, and how effective is this training?

5. How are people justifying spending on Appsec, and where are they spending most of their efforts?

6. What will the future of Appsec look like?

Released on February 24th, 2012

Organizations are having to manage more and more critical software applications to conduct business. These applications may be developed in-house, by an outsourcer or commercially acquired. The vast majority of these software applications will contain flaws which can constitute a security risk.

This report, delivered by the analyst firm Quocirca, looks at how businesses are deploying software and what measures are in place for checking the security of applications. The report draws on new research conducted amongst US and UK enterprises from a range of industries and assesses the scale of the software security problem, the ways in which it can be mitigated, the extent to which this is being achieved, the costs involved and how they can be minimized.

Released on December 20th, 2012

Applications are hard to monitor, full of vulnerabilities and easy to manipulate. It's no surprise that applications have become the top vector of attack. But what may surprise IT professionals is what organizations are doing about the risks posed by their web, database, mobile and cloud applications.

What application security policies are emerging in organizations with sensitive data to protect? Read the findings of a new SANS Survey on Application Security Policies in the Enterprise.

Questions of interest include:

1. Are any organizations managing their applications securely throughout their lifecycles?
2. Who's responsible for application security?
3. What are the most critical applications and perceived threats?
4. How integrated is organizational application security management with the overall risk management program?

Released on May 15th, 2012

Critical infrastructure has become dependent on complex software applications. The responsibility of ensuring safe and secure functioning of these systems has typically rested solely with critical infrastructure providers. Efforts to secure and defend networks largely consisted of the deployment of defensive technologies, but far less attention was paid to the underlying code that makes applications vulnerable to begin with.

This report from Good Harbor Consulting examines the security advantages and market incentives for developing software applications for critical infrastructure through a security development process.