Veracode Review

We have learned from the recommended remediation strategies, making future code better


What is our primary use case?

Security scanning.

How has it helped my organization?

It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.

In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better.

As for our customers, it lowers the risk for people visiting our site.

What is most valuable?

Catching coding flaws before they go live.

Regarding integrating Veracode into our software development lifecycle, we started out with it being used only as a web interface, and now developers are starting to use it right in their IDE on the desktop.

What needs improvement?

It's a pretty dynamic product. It's changing all the time and improving.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred-megabyte size.

What do I think about the scalability of the solution?

We haven't encountered any scalability issues with Veracode so far.

How is customer service and technical support?

They're awesome. Their timeliness is acceptable, but their expertise is phenomenal.

Which solutions did we use previously?

Veracode is the first professional solution I've used. It was in place when I got to the company.

How was the initial setup?

We just use it as a cloud service for third-party developers.

What was our ROI?

In terms of cost savings relating to code fixes since implementing Veracode in our development process, I can't really give hard numbers.

What's my experience with pricing, setup cost, and licensing?

I'm not the pricing guy.

Licensing is pretty flexible. It's a little bit weird: it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.

What other advice do I have?

I recommend it all the time.

It's an important aspect of a complete security program. Not necessarily this product, but source code, fraud detection.

I'd give it an eight out of 10 because it's pretty straightforward, but you still have to mostly wrap it with organizational policies that encourage its use. It's not a product, and I don't think it's really a product category, that sells itself to the end-user. They see benefits, but they do have to be convinced to use it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.