Veracode Review

Remediation consulting calls with the vendor help us find vulnerabilities much faster


Video Review:

How has it helped my organization?

It has allowed us to scale and find vulnerabilities much faster than previous manual tools. It has allowed us to educate developers on it to use the consultation calls.

What is most valuable?

The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen.

What needs improvement?

I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of the stuff; more hand-holding in the sense of understanding our environment.

They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages.

My biggest need, the kind of feature I would want, is more on the technical support side.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

In the early years, it was a little less stable but I know they have switched to more of an Agile CI/CD methodology and I have seen a lot more stability since they moved to that methodology.

What do I think about the scalability of the solution?

One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster.

How is customer service and technical support?

The technical support is good. I like the fact that you can email Veracode support. You get a very fast response, usually within the same day. 

If you don't have an SPM, Solution Program Manager, to escalate issues after that - you don't have to escalate a lot of issues, but if you do and you don't have feature - that is where they seem to fall down a little bit. So they need help with their level-2 and level-3 support. They do very well at level-1 and then you need to escalate, sometimes. That is where they need to improve a little bit.

Which solutions did we use previously?

At a previous company, we were using HPE Fortify. We couldn't scale because it was an on-prem solution. Therefore, after five years, we decided to break out of the mold and use a SaaS solution. We were comfortable at the time doing so because we weren't sending source code, for the most part. As soon as we went to a cloud solution we scaled dramatically.

What I look for in a vendor is 70 percent a technical match with the features and benefits we need and for the remaining 30 percent, I look at the culture of the company because, for me, it is a relationship. I want to have a partnership and I want it to feel like a win-win. If they feel like it is a short-term decision, get in get out, I want to know that. I want to be able to talk to them at any time and add service enhancements, feature enhancements, those kinds of things. It's a 70-30 split for me.

How was the initial setup?

The implementation is straightforward in the sense that there are a lot of APIs to integrate, and they have a lot of connectors that do that for you.

Which other solutions did I evaluate?

HPE Fortify, Checkmarx, IBM AppScan. It really was between HPE Fortify, most of the time, and Veracode. I typically like Veracode because it is a SaaS solution. You have other providers now that do the same SaaS but then it goes back to the relationship and the partnership. I feel that I have that with Veracode.

What other advice do I have?

I would give Veracode a nine out of 10 because it scales incredibly well, they have very qualified people working there who are able to clearly articulate what the problems are when they are talking in a remediation or consultation call. They are very knowledgeable, they are not condescending when they talk to a developer. The tool is very easy to consume. It's not like looking at a menu with 20 pages at a restaurant, it's very simple to digest. They have a lot of API connectors, they cover a lot of languages and it just scales. You can't beat that. Finally, the relationship is great with them.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest

Sign Up with Email