Analyst Reports

Business and Economic Consequences of Inadequate Cybersecurity

Cyberattacks cost UK businesses £18 billion in lost revenue and £16 billion in increased IT spending per year as a result of breaches. And the issue is widespread — 81 percent of UK businesses reported a breach in 2014.

Get the full report

Third-Party Application Security Risk: The Elephant in the Room Is Finally Getting Talked About

Awareness is growing around the importance of application security, particularly when the software comes from third parties. At the same time, CISOs trying to address that risk are facing a maze of technical, legal and organizational constraints.

Get the full report

The Total Economic Impact™ of Veracode’s Cloud-Based Application Security Service for Independent Software Vendors

Forrester Consulting conducted research on the benefits independent software vendors realize using Veracode and found a three-year, risk-adjusted 131% return on their investment and a 68% reduction in security vulnerabilities.

Get the full report

Forrester: Planning for Failure

The Forrester “Planning for Failure” report offers practical guidance to create a breach response plan that will help your enterprise respond quickly and appropriately to minimize damage.

Forrester predicts that in 2015 “at least 60 percent of organizations will suffer a security breach.”

Get the full report

Gartner: Five Golden Rules for Creating Effective Security Policy

According to this Gartner report, “Policy is an important form of communication about risk, and the impact on the reader will be maximized if the text is well-crafted in organizational appropriateness and writing style.” The report also states that: “Fortunately, the use of a few best practices for the planning and writing of policy can make a big difference in its effectiveness in reducing risk.”

Get the full report

Evolve To Become the 2018 CISO or Face Extinction

Read this report to learn about Forrester's 5-step plan for seizing control of your destiny as a CISO – and why the top 3 skills required to succeed are leadership, strategic thinking, and business knowledge.

Get the full report

Forrester ROI Case Study

Learn how a G2000 financial services company secured its critical outsourced and internally-developed applications with Veracode’s cloud-based service – and generated a 3-year ROI of 192 percent.

Download the case study

Gartner Application Security Testing Magic Quadrant

Released on 1 July 2014

Veracode is a Leader in the Magic Quadrant

Read the "Magic Quadrant for Application Security Testing" (July 2014) to find out why there is a critical need to reduce risk in Web, cloud and mobile applications.

Gartner, Inc. 2014 “Magic Quadrant for Application Security Testing” by Neil MacDonald, Joseph Feiman. July 1, 2014

Get the full report

451 Research: Veracode Eyes a VAST Opportunity in Third-Party Application Security Testing

Released on October 16th, 2012

Former CISO Wendy Nather explains how Veracode's SaaS offering "takes both effort and cost away from the enterprise CISO" and "lowers the barriers to appsec testing."

This independent report details the unique advantages of Veracode's binary static analysis technology for testing third-party applications. It describes how Veracode's cloud-based platform and program management service address the scale and complexity challenges of reducing third-party software risk enterprise-wide, and provides a SWOT analysis of the Veracode VAST Program.

Get the full report

SANS: 2014 Survey on Application Security Programs and Practices

Released February 2014

The second SANS Institute survey on application security programs and practices asks a number of pertinent questions. The maturity and effectiveness of application security programs are examined, as well as developer training, application security spend and what the future holds. Download to find out what organizations are doing about the risks posed by their web, database, mobile and cloud applications.

The survey identifies a number of trends within application security, including:

1. How widespread are application security programs?

2. How effective are these programs?

3. What practices and tools are organizations relying on most today, and what are they finding the most useful?

4. How is secure coding training for developers being done, and how effective is this training?

5. How are people justifying spending on Appsec, and where are they spending most of their efforts?

6. What will the future of Appsec look like?

Get the full report

Quocirca - Outsourcing the Problem of Software Security

Released on February 24th, 2012

Organizations are having to manage more and more critical software applications to conduct business. These applications may be developed in-house, by an outsourcer or commercially acquired. The vast majority of these software applications will contain flaws which can constitute a security risk.

This report, delivered by the analyst firm Quocirca, looks at how businesses are deploying software and what measures are in place for checking the security of applications. The report draws on new research conducted amongst US and UK enterprises from a range of industries and assesses the scale of the software security problem, the ways in which it can be mitigated, the extent to which this is being achieved, the costs involved and how they can be minimized.

Get the full report

SANS: 2012 Survey on Application Security Programs and Practices

Released on December 20th, 2012

Applications are hard to monitor, full of vulnerabilities and easy to manipulate. It's no surprise that applications have become the top vector of attack. But what may surprise IT professionals is what organizations are doing about the risks posed by their web, database, mobile and cloud applications.

What application security policies are emerging in organizations with sensitive data to protect? Read the findings of a new SANS Survey on Application Security Policies in the Enterprise.

Questions of interest include:

  • 1. Are any organizations managing their applications securely throughout their lifecycles?
  • 2. Who's responsible for application security?
  • 3. What are the most critical applications and perceived threats?
  • 4. How integrated is organizational application security management with the overall risk management program?

Get the full report

Good Harbor Consulting - Confronting Cyber Risk in Critical Infrastructure

Released on May 15th, 2012

Critical infrastructure has become dependent on complex software applications. The responsibility of ensuring safe and secure functioning of these systems has typically rested solely with critical infrastructure providers. Efforts to secure and defend networks largely consisted of the deployment of defensive technologies, but far less attention was paid to the underlying code that makes applications vulnerable to begin with.

This report from Good Harbor Consulting examines the security advantages and market incentives for developing software applications for critical infrastructure through a security development process.

Get the full report