Apr 12, 2022

Veracode Acquires ML-Powered Vulnerability Remediation Technology From Jaroona GmbH

By Brian Roche

On the heels of our significant growth investment from TA Associates, we are pleased to announce our acquisition of auto-remediation technology from Jaroona. Jaroona’s intelligent remediation technology accelerates Veracode’s vision and strategy to automatically detect and remediate software vulnerabilities. Jaroona was recognized as a 2021 Gartner® Cool Vendors™ for DevSecOps.¹

Accelerated development practices and dependency on software have increased the software attack surface exponentially, placing a greater strain on development and security teams to ramp up security awareness and skills as well as find and fix flaws across an evolving technical environment. This investment will allow us to offer a unique benefit to our customers, leveraging our collective knowledge over nearly two decades of helping customers find and fix security flaws. This milestone is yet another step toward our vision to deliver a frictionless experience for developers to find and fix security flaws, enabling them to work together with their security teams to build and deploy software quickly and securely. 

With this added technology, we will be able to incorporate intelligent remediation capabilities across our platform more rapidly, propose more advanced code fixes, and expand support for traditional and cloud-native programming languages and frameworks. We will initially provide suggested fixes for code flaws, ranked by relevancy and by frequency of use by other developers who fixed similar vulnerabilities.

Upon initial launch, which we expect later this year, the technology will be embedded into Veracode Static Analysis (SAST) and will be fully available to integrate directly into the CI/CD pipeline. As flaws are identified and fixes are proposed, developers can review proposed changes prior to merging remediations as part of their normal code review process. 

Enabling developers to fix flaws in their code more quickly will go a long way toward helping security and development teams balance a common business tradeoff today: speed versus risk. Development teams that spend a lot of time manually remediating code will be more efficient through the use of this capability. Reducing even a portion of that work with an auto-remediation solution that provides patches for frequently detected flaws can recapture developer time and reduce the overall cycle time for delivery.

As we continue to innovate around this important new capability, we will bring the benefits of intelligent remediation to our entire portfolio of software security solutions, spanning custom and open-source code across our customers’ traditional and cloud-native technologies.

We hope you are as excited as we are about the promise of this new technology and the benefits that it will bring to your organization. Keep an eye out for upcoming updates.  

 


 

¹ Gartner, Cool Vendors in DevSecOps, Dionisio Zumerle, 17 May 2021.

VERACODE DISCLAIMER

The information in this blog includes statements about Veracode’s product development plans. Although the product plans are in the works, it is still possible for unforeseen factors to alter the timing or nature of our releases.  

GARTNER DISCLAIMER 

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER and Cool Vendors are a registered trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.


Brian Roche is the Chief Executive Officer of Veracode and a recognized expert in Application Security Engineering, Cloud Native Technologies, Cloud Operations and AI. An award-winning cybersecurity leader and a pioneer of the early DevOps movement, Brian is also a passionate public speaker on AI, Application Security, DevOps, and digital transformation. With over 25 years of leadership, he has a proven track record of helping global enterprises transform their people, technology, and strategic advantage to compete and succeed in the digital economy.