Simplifying Software Security: Veracode Enhances Frictionless Experience for Developers
Black Hat (booth #2428) – Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220809005141/en/
Fig. 1 Veracode “Beat the Heat” security flaw heat map, State of Software Security Report v12 (Graphic: Business Wire)
Brian Roche, Chief Product Officer at Veracode, said, “Modern applications are mostly assembled, not written from scratch. Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries*—increasing security risk and the need to identify supply chain risk. Our SBOM API, is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have introduced additional capabilities that meet developers right where they work: in the integrated developer environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”
Veracode’s platform supports 100+ languages and frameworks, including those for cloud-native application development and older languages used with legacy assets, like COBOL. Large enterprises have applications across myriad languages and being able to deploy a continuous security testing solution across them simplifies the process, while providing consistent results. The company’s latest State of Software Security (SoSS) 12 research analyzed the most common flaws by language and revealed that a prevalent flaw for one language may not be of any concern for another. For example, cross-site scripting (XSS) is the most common flaw for PHP, at 77 percent, but doesn’t even make the top 10 for C++*. Moreover, flaws change constantly, meaning that even if a flaw isn’t prevalent in a programming language, practitioners should still take active steps to prevent it from impacting their code. Since remediation tactics vary by flaw and programming language, having a broad array of language support in one place makes developers’ jobs easier by freeing up their time to focus on meeting tight deployment deadlines.
Frequent scanning of first- and third-party code mitigates the risk from both proprietary and open-source vulnerabilities, such as Log4j. Veracode’s new developer-centric tools and services are designed to make this a quicker and easier process, particularly with the additional capability of third-party proprietary library scanning.
Peter Evans, Engineering Director at QAD Precision GTTE, said, “Veracode brought a complete platform for us to build security tools into our development pipelines, as well as helped us grow our knowledge to keep getting better at security. Veracode was also a good fit because the platform can scan Java code in the Spring framework where we develop our software. We’ve gone from reviewing code to integrating continuous scans into our daily pipelines. Security threats don’t stand still and Veracode provides us the tools to keep up with the latest vulnerabilities and rules.”
Notable updates to the Veracode Continuous Software Security platform include:
SBOM for SCA
- With government regulations driving standards for securing software supply chains, having an SBOM is increasingly important for organizations. Veracode’s SBOM API in SCA enables developers to easily generate an SBOM in CycloneDX JSON format—one of the approved formats for compliance with the U.S. Executive Order. This helps confirm the code they’re using, or building, is free from vulnerabilities.
IDE and Integrations for SCA
To make software security a seamless experience, Veracode continues to introduce integrations that meet developers where they work.
- The Veracode Azure DevOps Extension has a new “SCA Flaw Importer” to automatically import SCA flaws into Azure DevOps Boards and Work Items
- The soon-to-be-released Veracode for Visual Studio Code extension provides detailed information on vulnerabilities, licence risks, and recommended versions of open-source libraries and transitive dependencies so developers can rapidly respond to any risks
Expanded Frameworks and Languages Support for Static Analysis
- The company is committed to keeping up with the latest language and frameworks with which developers work, adding support for Rails 7.0, Ruby 3.x, and PHP Symfony
Roche concluded, “As a pioneer of application security, we are uniquely positioned to combine unrivalled experience with the latest innovations in cloud development. Unlike on-premise vendors, our SaaS solution is both scalable and elastic, meaning customers are always prepared to meet unexpected demand. Powered by nearly two decades of cumulative data, our platform provides detailed comparative historical reviews against industry benchmarks and peers—a level of insight highly relevant for leadership teams and the board. Our platform also saves developers time by delivering highly accurate results and enabling them to find and fix vulnerabilities in minutes, meaning they can ship code quickly with the confidence that it is secure.”
Developers can learn more about Veracode’s platform, the frictionless developer experience, and how to simply and maturely secure their SDLC by visiting Veracode’s booth #2428 at Black Hat USA.
*Veracode State of Software Security Report v12, February 2022
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
Press and Media
Head of Global PR, Veracode
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Philip Morris International Announces New Regional Structure and Senior Management Changes to Accelerate Growth Toward a Smoke-Free Future25.11.2022 19:05:00 CET | Press release
Philip Morris International Inc. (PMI) (NYSE: PM) today announced a new regional structure and related senior management changes to enable continued growth as a multicategory leader internationally and advance its rapid transition toward a smoke-free future. “We are changing the company’s regional structure to further support the growth of our smoke-free business, reinforce consumer centricity, and increase the speed of innovation and deployment—all in alignment with our ambition of becoming a majority smoke-free business by net revenues by 2025,” said Jacek Olczak, PMI’s Chief Executive Officer. “The new structure will also create new opportunities to further grow our senior talent, deepening the bench of leaders who will spearhead PMI’s progress toward a smoke-free future for the years to come. I am confident of the exceptional caliber and determination of our people and wish them the best in their new roles.” By the end of January 2023, PMI will rearrange its operations in four regi
China’s Vanke Foundation presents fruitful green development achievements at COP2725.11.2022 15:44:00 CET | Press release
China’s Vanke Foundation invited dozens of Chinese charitable organizations, institutes and industry associations to present the fruitful achievements of China's green development at the recently concluded 2022 United Nations Climate Change Conference (COP27) in Sharm El-Sheikh. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221125005204/en/ Wang Shi(L4), Chairman of Vanke Foundation, and other Chinese delegates called for joint action on climate change at COP27 in Sharm El-Sheikh, Egypt on Nov. 11, 2022. (Photo: Business Wire) According to Wang Shi, Founder of Vanke Group, Chairman of Vanke Foundation, and Founder of C Team, only a few nongovernmental Chinese individuals, including himself, representing about 100 Chinese companies attended COP15 in Copenhagen back in 2009, while this year, together with numbers of partners from different sectors, approximately one million Chinese enterprises and institutions have been invol
Fruits Eco-Blockchain Project Completes its Security Audit of their Native Blockchain Conducted by Quantstamp25.11.2022 15:00:00 CET | Press release
Fruits Eco-Blockchain Project is pleased to announce their completion of a security audit of the Fruits Blockchain's contract system conducted by Quantstamp, a leader in web3 security. The focus of the audit was to verify that the smart contract system is secure, resilient and working according to its specifications. The audit activities can be grouped in the following three categories: This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221120005089/en/ Fruits Eco-Blockchain Project completes its security audit of their native blockchain conducted by Quantstamp (Graphic: Business Wire) Security: Identifying security related issues within each contract and within the system of contracts. Sound Architecture: Evaluation of the architecture of this system through the lens of established smart contract best practices and general software best practices. Code Correctness and Quality: A full review of the contract source code. The prim
Abu Dhabi Hosts Annual Investment Meeting May 202325.11.2022 14:49:00 CET | Press release
Abu Dhabi will host the 12th edition of the Annual Investment Meeting from 8 to 10 May 2023, which will take place under the theme of “The Investment Paradigm Shift: Future Investment Opportunities to Foster Sustainable Economic Growth, Diversity, and Prosperity”. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221125005180/en/ Abu Dhabi Hosts Annual Investment Meeting May 2023 (Photo: AETOSWire) At a press conference held today in Abu Dhabi, the announcement of the launch of AIM Global 2023 which is supported by the Ministry of Industry & Advanced Technologies, with the Abu Dhabi Department of Economic Development (ADDED) as a lead partner was made in the presence of H.E. Dr. Thani bin Ahmed Al Zeyoudi, Minister of State for Foreign Trade, Vice Chairman of the UAE Industry Development Council and H.E. Mohamed Ali Al Shorafa, Chairman of ADDED. AIM Global 2023 pillars will discuss the global capital market transformation, way
Alberto Bona’s Exploit on the Class40 IBSA : Eighth at the Route Du Rhum25.11.2022 13:13:00 CET | Press release
Thursday, November, 24, at 3:34:50 pm local time (8:34:50 Paris-Rome time) in Pointe-à-Pitre, Alberto Bona on the Class40 IBSA crossed the finish line of the twelfth edition of the Route du Rhum in eighth place. His race time is 15 days, 6 hours, 19 minutes and 50 seconds. The skipper of the Class40 IBSA sailed the 3,542 miles between Saint-Malo and Pointe-à-Pitre at a speed of 9.67 knots on the great-circle course, actually covering 4005.51 miles at an average speed of 10.93 knots. He arrived in Pointe-à-Pitre 1 day, 3 hours, 11 minutes and 10 seconds after the Class40 winner, Yoann Richomme. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221125005116/en/ Alberto Bona on the Class40 IBSA crosses the finish line of the twelfth edition of the Route du Rhum (©IBSA | Beppe Raso) “A very nice but extremely hard regatta, especially in the upwind week”, stated Alberto upon arrival. “I am extremely happy: IBSA and I made it togethe