Veracode Previous Solutions

Kyle Engibous
Systems Architect at a tech vendor with 201-500 employees
We had never done anything like this in the past. This was the solution that we chose. We didn't really evaluate anything else. I know that my boss has been a fan of some CA products in the past and really recommended this one. I did some digging on it, from a technical standpoint, and I said I believed it would be able to scan all our stuff, support our platforms, the languages that we write our applications in, so that's how we landed on Veracode. View full review »
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
Prior to working with Veracode, we used a self-applied application. That is, we had the solution on-premise, but just could never quite get the routine approach that we've developed with Veracode. The program management features that Veracode offers to help us get our program up and going, along with the low false-positive rates that their solution provides - versus what we had done in the past - gave us some immediate traction. I think that we were able to make progress in the first five or six months working with Veracode, that we had not made in four or five years with previous approaches. It was a dynamic scanning solution but, again, it was on-premise. Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation, where the other solution was a good solution, but all of that work fell upon us to do for ourselves. Our focus is on developing features and functions for our application, and running an application security platform in-house is just not practical, just not our core competency. View full review »
Sebastian Toma
Engineering Security Manager at Nextiva
We never did use other products. The reason we started looking into IBM and WhiteSource was because of the hiccups or the speed bumps we were encountering with our springboard artifacts. We were in the process of evaluating other products and I think it's still a valid option. I wouldn't advertise it, but we were in the process of changing from Veracode just because of that one particular issue. We had to build our artifacts differently than before just to scan them, i.e. instead of scanning the ones we were publishing. It's not a big deal overall, but it would be nice for the solution to work out of the box with everything that's out there. Instead, many companies are changing the way they're doing business just for this small little step in the delivery process. View full review »
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: October 2019.
371,639 professionals have used our research since 2012.
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
We used HP WebInspect, which is now under the Fortify umbrella. HP WebInspect was just terrible. Had we used the on-demand cloud piece - which is why I perhaps have to pull my comment back - maybe we would have had a different experience. But we had a WebInspect instance on a single server that was inside of our own data center. It was very, very kludgy, very slow, didn't work very well. We were hitting the required specs for it but we'd have a dynamic website scan, which should not have taken very long, taking a week. It not only should have been very close to the scanning engine, but had its own dedicated route for pieces that live in the cloud. It was bad, and it was slow, and their reporting was terrible. There was no real support for it. It was just very bad. View full review »
Dave Cheli
Chief Technology Officer
Veracode was really my first introduction to static code analysis. The way I came across it in my previous company was, they were going through security due diligence and we didn't have any code analysis software. The company, a very large health plan, said, "Here are three that we recommend." Veracode happened to have been one of them, along with HPE and another company, maybe it was IBM, I don't know. We took a look at all of them and we made a decision to go with Veracode. View full review »
Associate Director
We did not previously use another solution. View full review »
Information Technology at a insurance company with 51-200 employees
VCG (Visual Code Grepper) but I am not even going to compare them. VCG is as good as they come, but Veracode is a different breed. An application went through VCG and we were pretty confident. Then, Veracode results just blew us out of our shoes. View full review »
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
We were not using a previous vendor prior to this. We've used other vendors like Nessus for pen testing. We still use those. Veracode was just more of an addition. View full review »
Suzan Nascimento
SVP Application Security at a financial services firm with 10,001+ employees
At a previous company, we were using HPE Fortify. We couldn't scale because it was an on-prem solution. Therefore, after five years, we decided to break out of the mold and use a SaaS solution. We were comfortable at the time doing so because we weren't sending source code, for the most part. As soon as we went to a cloud solution we scaled dramatically. What I look for in a vendor is 70 percent a technical match with the features and benefits we need and for the remaining 30 percent, I look at the culture of the company because, for me, it is a relationship. I want to have a partnership and I want it to feel like a win-win. If they feel like it is a short-term decision, get in get out, I want to know that. I want to be able to talk to them at any time and add service enhancements, feature enhancements, those kinds of things. It's a 70-30 split for me. View full review »
CISO at Laboratory Corporation of America Holdings
Any previous solutions would have been more than 10 years ago, and I don't remember why we switched. It's like the car you drive or the shoes you like to wear: Once they work - and it has worked in multiple sectors - there is no reason to change. When selecting a vendor, the important criteria are relationships and support. When I pick up the phone and I get a Sam King or a Bob Brennan on the line, things happen. View full review »
Dennis Miller
VP Development
We used the built-in solution inside of Microsoft Visual Studio, and we switched because Veracode had more cohesive scanning abilities and found a lot more issues with our code, when we first scanned it. View full review »
Tim Jee
Cyber Security Engineer at a Consumer Goods with 1,001-5,000 employees
I have done a lot of product comparisons in my time, in information security. A lot of them are modules of a product, there is no single pane of glass. When I talk about metrics, I want to see everything in a single pane of glass, I want to see all of my results in one location. A lot of the other application security products out there can't do that yet. They are getting there but Veracode has already been able to do that for years. Veracode can run multiple types of tests and you can see all the results in one area. When selecting a vendor the most important criteria are * scalability * reliability of results - we want to see results-oriented success. View full review »
Divakar Rai
Senior Solutions Architect at NessPRO Italy
I have used multiple tools similar to Veracode that integrate with the IDE. View full review »
Information Security Lead Analyst at a Consumer Goods with 10,001+ employees
Veracode is the first professional solution I've used. It was in place when I got to the company. View full review »
Mike McAlpen
CISSP, CISM at a tech services company with 1,001-5,000 employees
Never. I've been using it for 20 years. I tried others, like HPE's and IBM's, when I was with Visa, but this is the best. View full review »
Application & Product Security Manager at a insurance company with 1,001-5,000 employees
IBM Security App Scan. In looking at Veracode vs IBM Security App Scan, I switched because of the CI/CD offerings of Veracode. View full review »
Rick Spickelmier
Chief Technology Officer at a tech vendor with 201-500 employees
We had no previous solution. Our choice of Veracode was due to Veracode being a customer and requiring that we use their tool to scan our solution. View full review »
Elina Petrovna
Professor at a government with 51-200 employees
I used SonarQube. It lacks of real enterprise-wide security detection. I continue to use Fortify and AppScan, while I am using Veracode. View full review »
Managing Principal Consultant at a tech vendor with 11-50 employees
We did not use another solution prior to this one. View full review »
Chief Compliance Officer at a financial services firm with 51-200 employees
We did use a previous solution. It didn't satisfy our needs technically, and the customer service and its cost were not satisfactory. View full review »
Project Manager at a tech vendor with 501-1,000 employees
We did not have a previous solution. We picked this product because our partner (SAP) uses it. View full review »
Global Application Security at a pharma/biotech company with 10,001+ employees
We had no previous solution. We didn't know we needed to invest in Veracode. It worked out that way through our evaluation process that it was the right solution for us. View full review »
Lead Security Engineer at a tech vendor with 201-500 employees
We used SonarQube but to improve security in SAST we choose this. View full review »
Manoj Purandare
General Manager - Application Security at a tech consulting company with 51-200 employees
Quality levels, service offerings, pricing, and mainly the features and abundance of technologies provided by others made us switch to a different solution. View full review »
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: October 2019.
371,639 professionals have used our research since 2012.
Sign Up with Email