Total Economic Impact Study Reveals a Return on Investment of 184% for Veracode Application Risk Management Platform Customers

Technology News

Research Finds Veracode Platform Improved Developer Productivity By 80% and Boosts AppSec Efficiency By 85%

 

Productivity Gains From Software Security Lead to a 20% Increase in Revenue

 

Veracode, a global leader in application risk management, today released a commissioned study conducted by Forrester Consulting on The Total Economic Impact™ (TEI) of Veracode’s Application Risk Management Platform. The study revealed that Veracode delivered a 184 percent return on investment (ROI) to customers over a three-year period, as well as a material Net Present Value and a payback period of less than six months.

 

Specifically, there were four key drivers of the economic impact:

 

A 75 percent reduction in risk of software-based attacks

80 percent developer productivity recapture that can be reallocated to product innovation

85 percent efficiency gained in application security from increased automation

Most noteworthy, a 20 percent growth in revenues from software security that drove new products, new market entries, speed to market, and security as a differentiator

With software supply chain attacks on the rise, security and DevSecOps leaders need ways to source solutions that demonstrably protect their organizations, while helping them prove the value of application risk management. Forrester conducted the TEI study to examine the potential ROI for enterprises using the Veracode platform. Based on a series of interviews with Veracode customers, Forrester constructed a $2 billion “composite organization,” with 10,000 employees, 800 developers, and a business goal of increasing development velocity in support of revenue growth. The findings below are representative of these aggregated insights.

 

Reduced Risk of Software-based Attacks

 

Use of the Veracode platform resulted in a 75 percent decrease in the risk of a software supply chain-based attack which reduced associated breach costs for the study’s composite customer by $1.5 million over three years. The composite analysis also revealed annual financial benefits of about $7.1 million per year over a three-year engagement versus an upfront cost of $2.5 million, inclusive of platform fees, internal and third-party development costs, ongoing administration adoption, training and development. When added together, the average NPV, or the total value of an investment opportunity for Veracode customers over three years, stood at $4.6 million, with a payback period of less than six months.

 

As one study participant, an Application Security Engineer, noted, “We have managed to eliminate all high and very high vulnerabilities across all of the apps now for two months. We run the reports and scans every day, and for two months we have not seen a single high- or very high-severity vulnerability show up. So, they’re not just fixing them; they’re preventing them by the reuse of known secure functions and modules across the code base.”

 

Developer Productivity Unlocked

 

The Forrester TEI analysis revealed that giving developers better visibility into security flaws earlier in the development process helps them rapidly reduce security debt. Use of Veracode’s platform resulted in an 80 percent improvement in developer productivity, totaling 70,000 developer hours and $3.41 million that could be reallocated to product innovation for the composite customer.

 

“We started scanning about a year ago and have worked through [approximately] 60 percent of the outstanding open-source [software flaws]. That’s 20 years of tech debt we’ve worked through in that time, largely because we were able to have the controls in place for software releases with Veracode,” another study participant, a CISO in the healthcare technology field, stated.

 

Efficiency Through Automation

 

Forrester determined that customers experience an 85 percent reduction in the effort and time required to remediate flaws when using Veracode’s tooling to automate manual workflows. The study found the use of automation transformed the process and efficacy of AppSec programs by freeing up almost 25,000 hours—equivalent to nearly three years. The resulting productivity gains saved $1.3 million for the composite customer, as well as enabling Veracode customers to scale their scanning capacity.

 

As one Head of Global Engineering Tools in the professional services sector commented, “I would say [prior to Veracode] we weren’t able to [triage] efficiently enough. … To do that properly then, you would spend at least 10 hours to evaluate [which scans to triage], and now you can do it by a glance.”

 

Customers Gain Competitive Advantage

 

Modern enterprises face the constant challenge of innovating and delivering secure code faster to stay ahead of the competition. The Forrester TEI study found using Veracode to accelerate and shift security earlier in the software development lifecycle enabled the composite customer to bring features and products to market faster, open new markets and revenue streams, and use security as a