BURLINGTON, Mass. — Veracode, a leading provider of intelligent software security solutions, has been positioned as a 10-time Leader in the 2023 Gartner Inc. Magic Quadrant for Application Security Testing—an in-depth evaluation of the market’s competitors. The company has been recognized as a Leader in the report every single time since it was first published.
With independent feedback and ratings from customer reviews culminating in a 97 percent “willingness to recommend” (based on 61 reviews, as of 31 July 2022), Veracode was also positioned as a Gartner Peer Insights™ Customers’ Choice for Application Security Testing.
Sam King, Chief Executive Officer at Veracode, said, “For more than 17 years, we have had an unrelenting commitment to making secure software a competitive advantage for our customers. Our continued position as a Leader in the Gartner Magic Quadrant, combined with our recognition as a Customers’ Choice, we feel demonstrates the trust placed in us every day by developers, security teams, and business leaders worldwide. We are proud to say that Veracode was one of the pioneers of application security and now we are propelling the category into the future: intelligent software security.”
The Head of Application Security at a banking company reviewing Veracode in Gartner Peer Insights™ said, “Of all the companies that carry out POCs (Proof of Concepts)...only Veracode proves to be a solid and senior company or enough to put in our financial institution." A security analyst at another firm commented, “In order for a product to be successful, it needs to do two things right, ‘product performance’ and ‘support’. Veracode gives you the best of both worlds, a great product with great support.”
Protecting the Software Supply Chain
Veracode offers EU and UK Support through its dedicated European Region, an EU instance that allows European organizations to address data residency concerns. The company has also achieved the US Federal Risk and Authorization Management Program (FedRAMP), which makes multiple tools available to US federal agencies that want to find and fix software supply chain vulnerabilities in accordance with compliance mandates. Veracode is the only software composition analysis vendor listed in the FedRAMP marketplace.
King said, “Increased reliance on third-party code, along with emerging regulations for software security and data compliance, are some of our customers’ greatest challenges. To alleviate the pressure on organizations, our proprietary database tracks open-source risk and our platform provides continuous scanning through multiple tools, including container security, infrastructure-as-code (IaC) scanning, and Software Bill of Materials (SBOM) capabilities.”
Veracode’s recent addition of Peer Benchmarking—a new self-service capability that allows organizations to measure their flaw and remediation performance against industry peers—also enables security leaders to assess the impact of their investments and demonstrate value to the business.
Strength of Vision: Delivering Capabilities Against Customer Needs
In the past year, Veracode has also made two significant acquisitions, to which the company credits its position in the report. Firstly, the acquisition of the Germany-based Crashtest Security tool enhanced Veracode’s existing dynamic analysis and penetration testing capabilities for web apps and application programming interfaces (APIs), as well as broadening customer access globally. More recently, the acquisition of auto-remediation technology from Jaroona, a 2021 Gartner® Cool Vendor™ for DevSecOps, enabled the launch of Veracode Fix. The new AI-powered product automatically suggests remediations for security flaws found in code and open-source dependencies.
Brian Roche, Chief Product Officer at Veracode, said, “One of the biggest pain points our customers express is mitigating intensifying threat against an expanding attack surface, while accelerating development velocity and minimizing costs. We’ve invested heavily in our platform over the past year to develop automated solutions that remove friction for developers and provide security teams with a comprehensive view of risk. The launch of Veracode Fix addresses the need to broaden our focus from application security testing to intelligent software security.”