May 4, 2020

Independent Research Reveals Organizations Gain ROI of 162% with SaaS application security from Veracode

Organizations recoup their AppSec investment within three months through rapid implementation and scale and by fixing flaws in real-time

BURLINGTON, Mass. – May 4, 2020 – Veracode, Inc., the largest independent global provider of application security testing (AST), today announced that a commissioned study conducted by Forrester Consulting on behalf of Veracode reveals that organizations using Veracode’s SaaS application security achieve a return on investment (ROI) of 162%, representing millions of dollars in savings over a three-year period. The Total Economic Impact™ (TEI) study illustrates the inherent value of SaaS in scaling, improving speed to market, and programmatically reducing risk by fixing software flaws versus on-premises AppSec tools that lack real-time features and require infrastructure maintenance.

As businesses undertake complex digital transformation initiatives, new software and technology are critical for engaging customers, driving growth, and accelerating innovation. The study found that Veracode’s cloud application security solution not only rapidly enables secure software delivery and effectively scales with organizations as they ramp up their programs, but also does so on demand without the delay or infrastructure and operational costs of traditional on-premises alternatives.

The Forrester study found that reference organizations experienced an average benefit of $11.8 million over three years versus an investment of $4.5 million, adding up to a net present value of $7.3 million and an ROI of 162%. This includes $3.9 million in cost avoidance of legacy on-premises AppSec due to moving to the cloud with Veracode. A representative organization would achieve payback on its investment within three months, according to the study.

“Today’s reality has forced most companies into radical digital transformation in order to effectively engage customers, keep their employees productive, and generally conduct business,” said Elana Anderson, Chief Marketing Officer at Veracode. “Businesses must ensure that enabling software for these critical digital initiatives doesn’t introduce security risk. That’s where we come in. By leveraging Veracode’s SaaS application security platform, companies can get up and running immediately and focus on addressing the vulnerabilities they find rather than standing up and tuning a new environment. We believe this study confirms our customers’ experiences and their ability to be more agile and innovative without sacrificing security in fast-changing market conditions.”

The study quantified significant cost reductions for Veracode customers including:

  • Scaling AppSec easily with SaaS: Interviewed organizations that previously used on-premises AppSec tools reported spending an average of 33 hours setting up each AppSec server and 216 hours each year maintaining them. For an organization with dozens of servers, this represents a minimum of $450,000 annually in prospective costs. And, when AppSec needs to scale, on-premises solutions add complexity and friction, increasing risk. Reference organizations in the study saved an average of $1.3 million in server cost avoidance.
  • Avoiding costs with comprehensive AppSec capabilities: Operationally, Veracode’s cloud-based solution is 20% less expensive than an on-premises solution. Consolidating application security onto one platform reduced the overall cost of operations, while operating in the cloud provides ongoing cost savings. Over three years, reference organizations saved an average of $3.9 million.
  • Reducing unplanned work by developers: Veracode Static Analysis provides fast, automated security feedback in the IDE and the pipeline, enabling developers to identify and fix flaws in their code within seconds. It provides clear guidance on what issues to focus on and how to fix them faster, reducing the workload on development and security teams later in the software development lifecycle, when flaws are more costly and time-consuming to fix. This contributes to faster release cycles and getting software to market more efficiently. Overall, reference organizations saved an average of $4.4 million over a three-year period.

“We needed a platform that took away all the heavy lifting for us, and allowed us to focus on risk management. We are not in the business of running and deploying infrastructure in data centers and collecting data,” said the chief product security officer for business services at an enterprise financial firm, according to the report. “That brings us away from our core focus, which is to maintain the trust of our consumers.”

Forrester used its TEI™ methodology to create an unbiased assessment of the real benefits experienced by Veracode customers. Prior to using Veracode, the organizations in the study used a variety of on-premises AppSec tools requiring provisioning of data center infrastructure that led to time delays and bottlenecks when more capacity was needed. The composite Veracode customer referenced in the report is a U.S.-based financial organization with expanding AppSec needs to support 800 applications, a security team of 20, and 1,600 developers in 12 geographies.

SaaS vs. On-premises: The Total Economic Impact™ Of Veracode’s SaaS-based Application Security Platform study is available to download here.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


Press and Media Contacts

Katy Gwilliam,
Head of Global Communications, Veracode