Veracode ROI

Kyle Engibous
Systems Architect at a tech vendor with 201-500 employees
I wish I had some numbers - this is really not my area. I would assume that it's got to be a fair amount of cost savings, only because we're touching things earlier. We didn't have anything before. I don't have good stats to provide except for the fact that now we have something in our process, where before we didn't. Before, security things were only being addressed if somebody actually found something or, even worse, if a customer found something. We don't have a lot of historical data but it's got to be substantial. I believe, from a technical standpoint, it's paying off for the rest of the organization. I think ethically it's the right thing to do. Educating our staff - I don't really know how you measure that in a dollar amount - but our developers are getting education and are becoming more aware of security in their software. Me being a technical guy, those two things are huge, and the dollars don't add up enough. I'm not sure how you would measure it. It probably pays off more over time as well. We're still only a year into it. So we're still learning a lot ourselves.
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
By implementing Veracode in our development process, what we've done is cost avoidance, not necessarily savings. By getting ahead of it, and releasing product to the market that's more secure, we have very few, if any, reported issues by our customers. So we don't have to go and do a maintenance repair of those. That's an avoidance of cost. It's a pretty accepted standard that if you release a vulnerability or a flaw into the market, it's going to cost you 10 times more to address it after the fact than if you prevent it. I'd say that that, plus the automation of the scanning, has also reduced the amount of capacity or full-time equivalents we have to apply to repair and scan. As I said, we have 35 applications, and instead of having 35 different people preparing their packages for upload and scan, it's automated. We don't have to spend money doing that as well. So avoiding the cost of releasing vulnerabilities into the market that get caught by customers and reported back, is a big one; and then, reducing the investment of performing the continual scans.
Sebastian Toma
Engineering Security Manager at Nextiva
I do not have any information on ROI. We became better from an engineering standpoint, but I don't know if we saved a ton of money in the process.
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
I can't think of any cost savings related to code fixes since implementing Veracode. We are mostly focused on using it for application security, which is a hard thing to quantify unless you have a major breach.
Chief Information Security Officer with 501-1,000 employees
We are a state agency, so we're not for profit. I tell everybody we don't make money, we spend money. To frame it in the context of the public sector, I think we are giving our citizens peace of mind. When they come in to write a permit, and we send them to a service that collects payment, that jumping-off point is secure and safe. It would be more in those terms, rather than the bottom line. In the public sector, return on investment is not a term that is easily understood because we do not invest. But total cost of ownership is something that we can put our arms around. When we think about potential data breaches, Veracode has certainly helped us. When you think about the cost of the product and that I have one person, not ten people, running this tool, the total cost of ownership is low. I have no devices or servers, I didn't have to do any of that here onsite. It's all in the cloud. The total cost of ownership, given the services they provide, is very low, in my opinion.
Dave Cheli
Chief Technology Officer
I haven't really thought about cost savings related to code fixes, since we implemented Veracode, other than: It's always easier and much cheaper to catch errors and fix them before you go to production, versus catching them while in production. Just like it's much easier to fix things before production, as opposed to having somebody hack your system and to find out that you have a cross-site script error. But again, I've never quantified it in terms of whether it's saved me money. Just off the cuff, the cost of the license is small in comparison to the value it brings. I don't have to buy the software myself, I don't have to have specially trained security professionals that monitor this stuff. But I haven't really broken it down to quantify it into dollars, as such.
Associate Director
It has helped us reduce our overall time to remedy any validity, which can be found after being rolled out and put into production. Though, I cannot give you the number. It is always better to safeguard the environment rather than being hacked or have production downtime. In three years, we have not had any breaches or seen any reduction in Shadow IT.
Information Technology at an insurance company with 51-200 employees
It is difficult to assert, but it helps a lot with maintaining compliance with our main customers, and helps us to pinpoint some specific issues. The cost of not having Veracode would be pretty high for us.
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
Regarding any cost savings relating to code fixes since we implemented Veracode in our development process, I can't say I have that information off the top of my head.
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
We don’t have the metrics to track specific dollars, but Veracode has saved us the cost of hundreds of employee hours by streamlining our vulnerability discovery process in legacy code, and by improving the quality of code released into production. As we support our organization's customer-facing digital channels by writing higher quality code, we have reduced the amount of bugs or downtime a user experiences using our systems. This saves in employee time and also increases engagement with our digital channels.
Information Security Lead Analyst at a Consumer Goods with 10,001+ employees
In terms of cost savings relating to code fixes since implementing Veracode in our development process, I can't really give hard numbers.
VP of Services at a tech vendor with 51-200 employees
I cannot give numbers on any cost savings related to code fixes since implementing CA Veracode in our development process.
Mike McAlpen
CISSP, CISM at a tech services company with 1,001-5,000 employees
I can't give you exact numbers, but it's a lot cheaper to do it sooner rather than later.
Application & Product Security Manager at an insurance company with 1,001-5,000 employees
It has not really resulted in any cost savings related to code fixes.
Elina Petrovna
Professor at a government with 51-200 employees
Given the following:
* Effectiveness of automatic detection of defects, taking into account bad fixes.
* Effort to find and correct a defect during automatic detection.
* Effort to find and correct a defect during post release.
* Effectiveness of testing.
ROI expressed as project savings is 2.4% of the project cost.
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
The cost savings are the efforts that it would take to do this at a stretch if this was not implemented early on in our development cycle.
Chief Compliance Officer at a financial services firm with 51-200 employees
We don't do a detailed enough analysis to reflect on any cost savings relating to code fixes made since we implemented Veracode.
Project Manager at a tech vendor with 501-1,000 employees
There are no directly measurable cost savings. We see security improvement as a key part of our product development.
Terry Chu
DevOps Release Engineer at a tech services company with 51-200 employees
I can't report on any cost savings relating to code fixes since implementing Veracode in our development process, but it makes us feel more confident about our code, which is awesome.
Head of Technology at a tech services company with 11-50 employees
It helps us get over the line for security when contracting with customers, and any help reducing security vulnerabilities is a big help to us.
