Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers
Black Hat (booth #2428) – Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/
Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)
Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”
Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.
Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.
Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”
Notable updates to the Veracode Continuous Software Security platform include:
SBOM for SCA
- With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.
IDE and Integrations for SCA
To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.
- The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
- The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks
Expanded Frameworks and Languages Support for Static Analysis
- The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony
Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”
Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.
*Veracode State of Software Security Report v12, February 2022
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
Press and Media
Head of Global PR, Veracode
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Galderma to Showcase Latest Updates From Its Broad, Innovative and Leading Dermatology Portfolio at the 2024 American Academy of Dermatology Annual Meeting28.2.2024 07:00:00 CET | Press release
Galderma, the pure-play dermatology category leader, will be showcasing its latest clinical and educational efforts at the American Academy of Dermatology (AAD) Annual Meeting from March 8-12, 2024, highlighting its broad, innovative and leading dermatology portfolio. Galderma’s extensive presence – including two late-breaking presentations on its first-in-class, investigational monoclonal antibody nemolizumab, five oral poster presentations, 16 e-posters, a symposium, and several ‘Meet the Expert’ and interactive booth sessions – highlights its commitment to listening to consumers, patients and healthcare professionals in order to deliver cutting-edge science and innovation that addresses their varied needs. “Our vast presence at AAD combines new data, novel educational activities and patient perspectives, demonstrating how we are putting our commitment to addressing the needs of the dermatology community into action. We particularly look forward to presenting the latest updates from
Incyte Announces U.S. Food and Drug Administration Grants Priority Review for Axatilimab for the Treatment of Chronic Graft-Versus-Host Disease27.2.2024 22:08:00 CET | Press release
Incyte (Nasdaq:INCY) today announced that the U.S. Food and Drug Administration (FDA) has accepted for Priority Review the Biologics License Application (BLA) for axatilimab, an anti-CSF-1R antibody, for the treatment of chronic graft-versus-host disease (GVHD) after failure of at least two prior lines of systemic therapy. The Prescription Drug User Fee Act (PDUFA) date for the FDA decision is August 28, 2024. The BLA is supported by positive data from the AGAVE-201 trial (NCT04710576), recently highlighted in a Plenary Scientific Session at the American Society of Hematology Annual Meeting 2023, which showed that treatment with axatilimab resulted in clinically meaningful results and was generally well-tolerated, with a safety profile that was manageable and consistent with the mechanism of action of CSF-1R inhibition. Axatilimab is being developed by Incyte and Syndax Pharmaceuticals (Nasdaq:SNDX) as part of an exclusive worldwide co-development and co-commercialization license agree
Stonebranch Announces Record-Breaking Growth in 2023, Sets Sights on Future Innovations27.2.2024 19:24:00 CET | Press release
Stonebranch, a leading provider of service orchestration and automation solutions, announced another year of significant growth and innovation. Building on the unprecedented success of 2022, Stonebranch has continued to expand its offerings with major product updates and a host of strategic integrations that solidify its position as a leader in the IT automation industry. New Customer and Partner Relationships Fuel Growth In 2023, Stonebranch significantly expanded its customer base, welcoming a diverse range of new clients from various sectors, including finance, healthcare, manufacturing, and technology. In addition, new technology, channel, and consulting partnerships enhanced Stonebranch’s capabilities and market reach. Reflecting on the company's growth, Stonebranch CEO Giuseppe Damiani stated, "2023 was a pivotal year for Stonebranch. Our ability to attract and retain such a diverse clientele speaks volumes about our users' trust and confidence in our solutions. As organizations
INRED to Provide Wi-Fi Services to Remote Areas in Colombia via SES Satellites27.2.2024 18:06:00 CET | Press release
Following a series of successful collaborations to close the digital divide, Colombian local connectivity service provider INRED and SES announced today they will deliver high-throughput satellite services for Colombia’s Ministry of Information and Communication Technologies (MinTic) to support digital inclusion projects across the country. INRED will utilise SES’s Managed Enterprise service delivered via its Geostationary Earth Orbit (GEO) satellites to connect 300 new sites, including those in remote areas that cannot be reached by traditional, fiber-based terrestrial networks. As part of the project called "Zonas Comunitarias para la Paz", INRED will provide free Wi-Fi services to historically unconnected areas across Colombia via SES’s high throughput SES-17 and SES-14 satellites. The enhanced connectivity services will allow INRED to quickly deliver broadband services to 300 sparsely-populated areas, with the ability to easily scale up capacity in the future if needed. INRED and S
Türk Telekom Achieves the World’s First Mass Deployment of Software-defined Fiber Broadband With Zyxel and Netsia27.2.2024 16:54:00 CET | Press release
Türk Telekom, pioneer of digital transformation Türkiye, has completed the world’s first mass deployment of Software-Defined Fiber Broadband. By using Netsia’s BB Suite and Zyxel’s Whitebox OLT, Türk Telekom has taken an important step towards fulfilling its virtualized and disaggregated broadband network strategy and thus, providing world-class, modern, high quality and high-speed broadband services. “Beyond our role as a telecommunications operator, we are leading Türkiye's ambition to become a significant player in technology exports through our pioneering initiatives and partnerships. While supporting our local ecosystem through collaborations within our country, we are also elevating the prestige and value of our nation through our global endeavors," says Ümit Önal, CEO at Türk Telekom. “The cutting-edge fiber infrastructure technology product Zyxel, developed by Argela, our company renowned for innovative solutions, along with its US subsidiary Netsia, has evolved into an innovat