Application Security » Veracode Reviews » Review

Veracode Review

We have learned from the recommended remediation strategies, making future code better

What is our primary use case?

Security scanning.

How has it helped my organization?

It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.

In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better.

As for our customers, it lowers the risk for people visiting our site.

What is most valuable?

Catching coding flaws before they go live.

Regarding integrating Veracode into our software development lifecycle, we started out with it being used only as a web interface, and now developers are starting to use it right in their IDE on the desktop.

What needs improvement?

It's a pretty dynamic product. It's changing all the time and improving.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred-megabyte size.

What do I think about the scalability of the solution?

We haven't encountered any scalability issues with Veracode so far.

How are customer service and technical support?

They're awesome. Their timeliness is acceptable, but their expertise is phenomenal.

Which solution did I use previously and why did I switch?

Veracode is the first professional solution I've used. It was in place when I got to the company.

How was the initial setup?

We just use it as a cloud service for third-party developers.

What was our ROI?

In terms of cost savings relating to code fixes since implementing Veracode in our development process, I can't really give hard numbers.

What's my experience with pricing, setup cost, and licensing?

I'm not the pricing guy.

Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.

What other advice do I have?

I recommend it all the time.

It's an important aspect of a complete security program. Not necessarily this product, but source code, fraud detection.

I'd give it an eight out of 10 because it's pretty straightforward, but you still have to mostly wrap it with organizational policies that encourages its use. It's not a product - and I don't think it's really a product category - that sells itself to the end-user. They see benefits, but they do have to be convinced to use it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Keep your software secure

Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

Find out more
Add a Comment
Guest
Author
Highlights
Pros
It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better.
Cons
The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size.
Pricing Advice
Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.
Sign in to see all reviews and comparisons. It's free!
By clicking Sign in with LinkedIn™ you agree to let IT Central Station use your LinkedIn profile and email address in accordance with our Privacy Policy and agree to the Terms of Service.
Sign Up with Email
  • Unlimited access to 31000+ reviews from real users
  • Your own page to promote your professional skills
  • Join a community of experts to call upon for support
As seen in:

By registering, you agree to our Terms of Service and Privacy Policy.
  • Unlimited access to 31000+ reviews from real users
  • Your own page to promote your professional skills
  • Join a community of experts to call upon for support
As seen in