I’m always a fan of ending the year on a high note, so you can imagine how excited I am to share the news that Veracode has been named a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. Forrester’s ranking is based on a detailed evaluation of the 10 most significant vendors in static application security testing (SAST).
The report cited that Veracode offers “the Veracode Static Analysis IDE Scan plug-in for early, on-the-fly SAST checking” and that we show “very strong support for binary and byte code scanning as well as wide support of source code language.” Software Development Lifecycle (SDLC) integration was an evaluation criterion in this report, as “SAST vendors are trying to serve new users as security pros demand that their products give developers early remediation advice throughout the SDLC.”
With the DevSecOps approach to software security, development teams are taking on more responsibility by bringing security into the earliest phases of development. This is why it is important for developers to be empowered with static testing tools that can test from those earliest phases. What’s more, many companies today use software as a value driver, and it is important for that software to be built to high quality standards. These standards typically cover functionality, but security is also a major element of an application’s quality. Despite this, Veracode’s State of Software Security Report 2017 (SOSS) shows that 77 percent of applications have at least one vulnerability when they are first tested for security.
The good news is that the SOSS Report found that with early and frequent sandbox scanning, DevOps organizations saw a 48 percent better fix rate than those conducting policy-only scanning. Veracode static analysis provides additional information about security defects and, as an application moves through the SDLC, provides insights into internal and industry compliance.
Over the years, we’ve worked hard to offer a comprehensive application security platform that is in alignment with current software development paradigms. Indeed, as security has shifted into the earliest stages of development, we’ve created designed-for-developer solutions, eLearning capabilities and support through our community that help make security a seamless element of the software lifecycle.
It’s our mission to ensure that secure software is synonymous with great software, and the fact of the matter is quite simple: we can’t achieve that mission without empowering development teams with the tools to test early, giving security teams the solutions they need to govern security issues, and enabling operations teams to maintain applications’ security, resulting in reduced application risk.
1. The Forrester Wave™: Static Application Security Testing, Q4 2017
2. The Forrester Wave™: Static Application Security Testing, Q4 2017