Veracode Positioned as a Leader in IDC MarketScape for Application Security Posture Management 2025

Nearly Two Decades of Expertise and 121+ Million Software Flaws Fixed Established Veracode as the Trusted Choice for Fortune 100 Companies and Thousands of Organizations Globally

BURLINGTON, Mass. – September 17, 2025 – Veracode, a global leader in application risk management, today announced that it has been named a Leader in the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment (Doc #US53001925, September 2025).

The IDC MarketScape assessed 18 vendors  across the global ASPM market using rigorous quantitative and qualitative methodologies. The analysis focused on each vendor’s ability to help organizations effectively manage application-layer risk across the entire software development lifecycle, applying a comprehensive framework designed to identify critical success factors for achieving application security excellence both today and in the future.

Organizations Choose Veracode for Better Prioritization and a Unified View of Risk

The inaugural IDC MarketScape on the ASPM market highlighted Veracode  as “a strong fit for organizations that want to build on an existing relationship with a strategic application security vendor while still extending visibility and correlation across third-party tools, infrastructure, and cloud environments.” Customer feedback reinforced this assessment, with the report noting: “Customers report improved security posture after adopting VRM, citing better prioritization of risks, fewer misconfigurations in production, and clearer visibility into application security data. Users highlight strengths in data normalization, risk correlation, and remediation tracking, as well as satisfaction with deployment experience and customer support.”

“Veracode was recognized for its focus on efficient, risk-driven remediation, leveraging contextual recommendations and dual scoring to guide teams toward the most impactful actions,” said Katie Norton, research manager for DevSecOps and Software Supply Chain Security at IDC. “Its open ingestion model and interactive dashboards deliver consolidated visibility and traceability across hybrid environments—empowering organizations to prioritize, remediate, and manage application risk at scale without disrupting existing workflows.”

Veracode’s ASPM solution, Veracode Risk Manager (VRM), tackles the complexity of modern application security by combining urgency and severity scoring, with deep asset context, and business-critical insights. VRM eliminates fragmented tooling challenges by aggregating findings from more than 50 sources across code, cloud, infrastructure, and security systems. This comprehensive data ingestion is then correlated with asset and business context to surface prioritized issues and deliver targeted remediation recommendations for maximum risk reduction efficiency.

“Development and security teams face unprecedented complexity in application security, driven by AI-powered development tools and rapidly evolving threats,” said Derek Maki, Senior Vice President and Head of Product at Veracode. “We believe the IDC MarketScape’s recognition of Veracode as a Leader validates our commitment to delivering comprehensive security solutions that accelerate rather than impede development velocity. To us, this acknowledgement underscores our innovative approach to application security—particularly our Veracode Risk Manager and Veracode Fix capabilities that enable teams to identify, prioritize, and remediate vulnerabilities with speed and precision”

Learn More About What the Report Means for Security Leaders  

The IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment provides in-depth analysis for decision-makers. To access additional insights:

• Join the exclusive webinar featuring guest speaker Katie Norton from IDC alongside Derek Maki and Noah Salzman from Veracode on Thursday, September 25, 11:00 AM ET
• Download the excerpt on the Veracode website
• Read the analysis blog, Why Veracode was Named a Leader in the IDC MarketScape