Veracode Review

Provides an all-in-one metrics location, I can see where everything is across my full portfolio

Video Review:

How has it helped my organization?

It has given us visibility into the applications we have that are participating in the application security program.

What is most valuable?

For me, at the program manager level, I'm not a developer. What I do is run applications through a security program. What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it. That is one of the more important pieces for me, at the compliance level.

What needs improvement?

Speed. When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code. In our case, we have quite a bit of older code. It takes some time to get through.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

As a SaaS product, you have certain expectations for it to be stable. It is a very mature platform so we haven't had any issues with its performance.

What do I think about the scalability of the solution?

It absolutely scales out. Our program is pretty small, but the eventual goal is complete application portfolio coverage. I have no expectation that we are going to have any issues with scaling.

How are customer service and technical support?

Technical support is great. The folks that I have interacted with, from services all the way through to the pen-testers have been great. They are on par with anybody else out there. In some cases, specifically for applications, they are probably a lot better than most.

Which solution did I use previously and why did I switch?

I have done a lot of product comparisons in my time, in information security. A lot of them are modules of a product, there is no single pane of glass. When I talk about metrics, I want to see everything in a single pane of glass, I want to see all of my results in one location. A lot of the other application security products out there can't do that yet. They are getting there but Veracode has already been able to do that for years. Veracode can run multiple types of tests and you can see all the results in one area.

When selecting a vendor the most important criteria are 

  • scalability
  • reliability of results - we want to see results-oriented success.

How was the initial setup?

Setup is very straightforward. Since everything is SaaS, everything is uploaded to the cloud. It's very simple to do. There is no setup on the back-end, initially. Once we start getting a little more sophisticated with integrations we are going to be just fine. Currently, we are early in the program so everything is done manually. So there is no setup. Everything is just done in the cloud.

What other advice do I have?

I give Veracode a solid nine out of 10 because it is a full-featured product. It is not just something that they are selling to you and then leaving you to figure out how to use it. They actually help you every single step of the way and they want to show you how to do it. 

Their testers, their application security consultants, really help you and help educate the developers. They walk you through every step of the way.

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More Veracode reviews from users
...who work at a Financial Services Firm
...who compared it with Coverity
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,637 professionals have used our research since 2012.
Add a Comment
ITCS user