When you work in the banking industry, security is a part of everything you do. And just as important as protecting the money is protecting the integrity of the software it all flows through. But for us at CAP COM Federal Credit Union (CAP COM), ensuring that we were producing secure code had become a bigger priority.
As part of redefining our software development lifecycle (SDLC), CAP COM began to seek an all-in-one solution that would allow the credit union to integrate security into the build process. Any solution we brought in would need to help us meet the security specifications outlined by the National Credit Union Association (NCUA), along with industry certifications, including PCI, OWASP and HIPAA.
Since I came on board two years ago, we've been moving slowly toward bringing in more of a .NET-centric infrastructure for all our software development and SDLC processes. We reached the point where we almost had a whole build system in place and really needed some kind of SAST and DAST tool so the developers could do security scans.
Looking for an SAST provider to accommodate the migration to .NET, we considered both Veracode and another leading on-premise SDLC solution before signing a long-term deal with Veracode. There were several factors that made Veracode the clear choice over the competitors:
We chose Veracode not only to reduce security risks in our software, but also to reduce the risk of working with the wrong solution for our needs. By comparing Veracode to other vendors, we were able to find the capabilities, integrations, support, and price we needed to accomplish both our security and business performance goals.