Veracode Other Solutions Considered

Kyle Engibous
Systems Architect at a tech vendor with 201-500 employees
There were some, but we didn't get serious about them because they didn't have everything that we wanted.
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
I'd rather not give out competitor names. But the method we were using in the past was what is called dynamic scanning, or DAST. That required we have an environment that was up and running with the application, and then we could proceed to scan. You can see that if we have 35 applications, that means we've got 35 environments running our application internally, just for scanning purposes. That's a lot of hardware, whereas this methodology uses static scanning, where we upload the compiled code and we don't invest any hardware in doing that. The scanning capability not only does the scanning but contains the application code for us. There are a lot of complexities with trying to do a dynamic scan on-premise, versus a static scan on a platform. You almost can't compare the two. False-positive rate in the dynamic scanning was very high - 30 percent, maybe - and the false-positive rate for the static scanning is very low - maybe two to four percent. That is a significant value, because you don't have to spend a lot of time sorting through reported issues to determine if they're valid or not. We're pretty well assured that as we start investigating one, it's more than likely valid. We don't have that doubt entering in. It was a different approach. Two concepts:
* That it is a cloud-based solution, which is very valuable to us; we don't need that hardware running our scans and hosting the environment to be scanned.
* The technology, the static scanning versus dynamic scanning, produces a much better result, a more accurate result.
Sebastian Toma
Engineering Security Manager at Nextiva
We looked at IBM before we decided to go with Veracode. I've seen the documentation that our director of information security put together. We looked at six different solutions before we went with Veracode. Another company does their pricing model based on lines of code. WhiteSource was one other option we evaluated. We did review a few of them. IBM App Scan and WhiteSource were definitely on the list. I don't remember the rest of them.
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: May 2019.
348,558 professionals have used our research since 2012.
Chief Information Security Officer with 501-1,000 employees
The state of Ohio decided to bring AppScan in and that's an IBM tool. IBM became a major vendor in the state of Ohio. But what happened is that AppScan does not offer static code vulnerability checking; dynamic is something they do offer, but it's not as complete and comprehensive as a static scan is. Even the state has gone away from AppScan, but we were looking at it, we were starting to get set up for it. But evidently, other agencies haven't found it to be as useful. So we're not going that direction, we're staying with Veracode. There would have been cost savings associated with going with AppScan but we decided, because the state was not going that way, that we were not going that way either.
Dave Cheli
Chief Technology Officer
When I was at the last company, I looked at HPE (now Micro Focus) Fortify vs Veracode and maybe IBM had a product, but they were overly complex and overly expensive. I remember talking to our Veracode account rep, who also was my account rep originally here at Focus Script, and she did a fabulous job of explaining it, doing a demo, showing how easy it was to use, and that's what sold me. Again, it was recommended from a very large health plan as one of the more reputable systems out there.
Associate Director
We did a PoC with Black Duck.
Information Technology at an insurance company with 51-200 employees
Competitors were evaluated but seemed, at once, too bloated or not relevant to all our specific requests. We were not interested in buying a product (such as a standalone program); rather, we were interested in getting a tool for creating a process, and Veracode is that.
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
I was not part of the evaluation team on this, unfortunately. But I believe the other options were evaluated as well, but I don't have access to that information.
Suzan Nascimento
SVP Application Security at a financial services firm with 10,001+ employees
HPE Fortify, Checkmarx, IBM AppScan. It really was between HPE Fortify, most of the time, and Veracode. I typically like Veracode because it is a SaaS solution. You have other providers now that do the same SaaS but then it goes back to the relationship and the partnership. I feel that I have that with Veracode.
Dennis Miller
VP Development
We had a couple of products that we looked at, but went with Veracode.
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
Yes, but too long ago to remember which ones.
Technical Director at a financial services firm with 1,001-5,000 employees
We had been evaluating various different types of source-code scanners. It was a fundamental element of the program and we knew we had to have the best one that would meet a wide variety of applications: development, apps, as well as a wide variety of geographic dispersion of the people writing these apps. We had IBM, we had Fortify, we had PMD, and there was one other scanner at the time that we were evaluating. Veracode came out on top, in almost every category. By using a cloud-based scanner, we really had no issues with where the developers are geographically located. So we didn't really have setup problems at all. It just kind of happened, and scales fairly naturally, organically.
VP of Services at a tech vendor with 51-200 employees
We did evaluate other options, but I can't remember who we looked at.
Mike McAlpen
CISSP, CISM at a tech services company with 1,001-5,000 employees
They didn't have products before this one. This one pre-dated them.
Application & Product Security Manager at an insurance company with 1,001-5,000 employees
IBM, Coverity.
Rick Spickelmier
Chief Technology Officer at a tech vendor with 201-500 employees
We evaluated no other products for SAST when we started using Veracode.
Elina Petrovna
Professor at a government with 51-200 employees
I evaluated Kiuwan, Coverity, and Klocwork.
Israel Varela
VP Sales at a non-tech company with 11-50 employees
When it comes to secure coding, Veracode is the only one we really considered.
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
Managing Principal Consultant at a tech vendor with 11-50 employees
We evaluated other options, but we chose Veracode.
Chief Compliance Officer at a financial services firm with 51-200 employees
Efe Oral
Software Developer/Architect at an insurance company with 201-500 employees
We did not evaluate any alternative solutions.
Terry Chu
DevOps Release Engineer at a tech services company with 51-200 employees
None. We might look into Checkmarx.
Lead Security Engineer at a tech vendor with 201-500 employees
Checkmarx, SonarQube.
VP Worldwide Delivery Acceleration at a financial services firm
Fortify, App Scanner, Checkmarx.
Manoj Purandare
General Manager - Application Security at a tech consulting company with 51-200 employees
Yes. Checkmarx, SonarQube and Fortify Software.