How has it helped my organization?
The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled. Among other benefits, this reduces the cost to fix the problem(s) as the fix can occur earlier in the SDLC.
What is most valuable?
The ability to identify a vulnerability, the optimal place for remediation and the correct syntax is very valuable. This feature helps ensure that the software fix is comprehensive and effective. The CxSuite is easy to use and because it provides the correct coding syntax to address a vulnerability, it helps improve the secure coding skill set among developers. The product can scan precompiled (source) code, as well as compiled (binary) code, delivering effectiveness and efficiency throughout the SDLC.
What needs improvement?
The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.
The Checkmarx CxSuite covers a wide range of programming languages, including many of the most popular languages used by developers today. As a matter of general improvement, expanding coverage to languages (emerging, legacy) and open-source frameworks will increase the overall effectiveness of the product.
*2017 Update. A number of leading Open Source Frameworks are now supported.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and technical support?
The technical support is high quality. The support team is well versed in how best to configure, implement and operate the product.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
The initial setup is straightforward. The product requires a fairly simple computing environment for operation.
What's my experience with pricing, setup cost, and licensing?
The product licensing offers the flexibility to cover a wide range of environments. The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
Which other solutions did I evaluate?
We considered several other commercial-grade application security solutions. The Checkmarx solution offers an ideal combination of code coverage, functionality, usability and TCO.
What other advice do I have?
The Checkmarx CxSuite product works well, delivers efficiency to the SDLC, and most important of all, it effectively improves application security.
It works!