Business Wire

Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers

Share

Black Hat (booth #2428) Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)

Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”

Facilitating DevSecOps

Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.

Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.

Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”

Notable updates to the Veracode Continuous Software Security platform include:

SBOM for SCA

  • With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.

IDE and Integrations for SCA

To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.

  • The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
  • The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks

Expanded Frameworks and Languages Support for Static Analysis

  • The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony

Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”

Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.

*Veracode State of Software Security Report v12, February 2022

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Press and Media
Katy Gwilliam
Head of Global PR, Veracode
kgwilliam@veracode.com
+44.7584.341.110

About Business Wire

Business Wire
Business Wire
24 Martin Lane
EC4R 0DR London

+44 20 7626 1982http://www.businesswire.co.uk

(c) 2018 Business Wire, Inc., All rights reserved.

Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Terra Firma Energy Limited Secure 120MW of Contracts From Record Breaking T-4 Capacity Market Auction28.2.2024 20:07:00 CET | Press release

Terra Firma Energy have successfully secured 120MW of contracts in the record-breaking T-4 Capacity Market auction. After two bidding rounds the auction cleared at £65/kW/Year breaking last year’s record of £63/kW/Year. This outstanding result will see our contracted assets receive over £7.3M per year to be on standby to provide critical support to National Grid when required. UK Capacity Market The UK Capacity Market ensures electricity supply meets demand, especially during peak times, by incentivising generation investment and maintaining grid stability. Auction results determine prices paid to generators for ensuring electricity availability. The T-4 auction secures capacity for delivery in four years via long-term 15-year agreements, while T-1 auctions procure capacity just before delivery via 12-month agreements. On February 27, 2024, the T-4 auction cleared at £65/kW/year for delivery in Oct-2027/Sep-28. William Davies, Managing Director of Terra Firma Energy said “I am thrilled

Verimatrix Streamkeeper Wins Gold in 2024 Merit Awards for Telecom Innovation28.2.2024 19:14:00 CET | Press release

Regulatory News: Verimatrix, (Euronext Paris: VMX), the leader in powering the modern connected world with people-centered security, today announced that its Verimatrix Streamkeeper took home top honors in this year’s Merit Awards for Telcom and Wireless. The gold win in the Security Innovations category marks the latest in a growing stack of industry recognitions marking Streamkeeper’s uniquely powerful and multi-layered anti-piracy protection capabilities. Judged by industry executives, members of the media and consultants as well as Merit Awards staff, the program is dedicated to recognizing the efforts put forth by global industries and the markets they serve, acknowledging companies that have contributed to the continued growth of the market. Verimatrix Streamkeeper combines digital content security with app protection to hunt down and take down piracy for many of the world’s entertainment leaders – including more than half a billion clients across devices. "We are thrilled to con

Tecnotree's Comprehensive Next-Generation BSS Solutions to Drive Nuh Digital’s Transformation28.2.2024 17:07:00 CET | Press release

Tecnotree, a global digital platform and services leader for AI, 5G, and cloud-native technologies, announced the signing of a new digital transformation deal with Nuh Digital, to provide BSS stack solutions to enhance the company’s operational efficiency and meet current and future market requirements. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240228266983/en/ (Graphic: Business Wire) Nuh Digital is a growing Mobile Virtual Network Operator (MVNO), changing the scenario of digital inclusion in Brazil, with the purpose of developing businesses through innovation and intelligent connectivity. Tecnotree’s digital marketplace solutions will enable the company to introduce new digital services quickly and cost-effectively. The full digital stack deployment will include Mediation, Provisioning, BSS Switch (Convergent Billing Solution, Customer Lifecycle Manager, Unified Product Catalog, Enterprise Integration Accelerator), D

LiveRamp Launches Unified Data Collaboration Platform Featuring Composable Technology28.2.2024 17:00:00 CET | Press release

LiveRamp (NYSE: RAMP) today unveiled the next generation of the /LiveRamp Data Collaboration Platform, which brings together solutions for the end-to-end marketing lifecycle onto a single platform. The unified offering introduces new capabilities such as a simplified user interface, composable technology for cross-cloud interoperability, and a partner marketplace where innovative third-party developers can build applications showcasing their trusted expertise. Built on a foundation of durable, authenticated technology designed to withstand signal loss, the /LiveRamp Data Collaboration Platform offers functionality to proactively address evolving privacy considerations while accelerating forward-looking data collaboration use cases. Gartner® findings show “Marketing has an outsized role in data and analytic activities across the enterprise, with 71% of marketing data and analytics teams responsible for owning at least one element of data strategy for their organization.” By bringing all

The Open Group Welcomes Shell as Its Latest Platinum Member28.2.2024 17:00:00 CET | Press release

The Open Group, the vendor-neutral technology standards organization, has today announced that Shell Information Technology International, Inc. has become a Platinum Member of the organization. Shell joins other industry-leading Platinum Members DXC Technology, Fujitsu, Huawei, IBM, Intel, and OpenText. Shell has been a Member of The Open Group since 1997, and has contributed to its numerous Forums which enable collaboration to develop open technology standards and certifications. The company played a critical role in the foundation of The Open Group OSDU® Forum that facilitates the development of transformational technology for the world’s changing Energy needs, and donated important intellectual property that formed the basis of the OSDU Data Platform. Shell also contributed to the inception of The Open Group Open Footprint™ Forum that focuses on creating an environmental footprint data model standard applicable to all industries. The Open Group is a global consortium that enables th

HiddenA line styled icon from Orion Icon Library.Eye