Veracode Review

Enables me to provide better code, faster, so my time to market is less


Video Review:

How has it helped my organization?

Interestingly enough, Veracode has evolved over time. Their chief designer has been a leader in security for many years and his insights into applications, and what we now consider DevOps, has been very helpful for the industry. The insights into how we now have a mobile workforce, and that the end-point is what you carry in your hand - and the protection of those apps and web pages - are imperative because the coding in our information has moved out. Quite honestly, the people have become the firewall. 

The products that Veracode has developed help me to manage that, scan that, know when something is going wrong, and I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that.

What is most valuable?

Veracode helps me in several implementations over a couple of industry sectors in a number of ways.

My coding, especially the code we develop, has a number of faults per line and that costs me money and time to fix those, into the lifecycle. Veracode enables me to provide better code, faster, so my time to market is less.

The security means my total cost of ownership goes down significantly over a period of time. The more code I write, the better I organize that, the less my expense is in maintaining that code.

What needs improvement?

As we move to more of a mobile space, much of the code was developed on desktops, mobile laptops, and things. Mobile apps run differently and they have a different runtime. Chris Wysopal and I have talked several times over the past few years about how to address that. I'm not sure that there is a good answer yet, because it is so complex. But I'm pretty sure with Chris' track record that they are going to come up with a very good way to do that in the near future.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

There are always a few bumps going into any new implementation because nobody has the same environment. We are in heterogeneous environments.

But I couldn't point out any one significant problem that comes to mind, because the bumps that we have found have been addressed and corrected pretty quickly.

What do I think about the scalability of the solution?

Scalability is almost infinite in this because the cloud-based solution allows me to expand. The companies I work for are generally in the 10 billion-plus range, but with thousands of developers we have never really had anything on the capacity planning or the performance of the products.

How is customer service and technical support?

Their technical support is the best in the business. These folks have been around, like I have, for many, many years so they have grown up with the industry. Not only are they developers, they have been practitioners before. Their chief designers, their coders - although many of them change - the key people who started this are still there, and you'll know them by first name; pick up the phone and they can help you with what you need.

Which solutions did we use previously?

Any previous solutions would have been more than 10 years ago, and I don't remember why we switched. It's like the car you drive or the shoes you like to wear: Once they work - and it has worked in multiple sectors - there is no reason to change.

When selecting a vendor, the important criteria are relationships and support. When I pick up the phone and I get a Sam King or a Bob Brennan on the line, things happen.

How was the initial setup?

It is a pretty easy implementation. As you know, with anything like this, which is very human-oriented, change is people, not necessarily the products themselves. The services they provide and the training and some of the "hand-holding", if you will, have always helped make this the bright, shiny object for the coders, so its implementation has always been pretty smooth for me.

What other advice do I have?

On the rating scale is there anything above 10? If there are no ones and tens, it would be the closest to 10. They have always been supportive. We have had to change, do course corrections during implementations, or particular types of coding. I have just never had a problem. My loyalty to the product has been primarily due to the service and the expedience in which they solve any problems we have.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest

Sign Up with Email