Burlington MA—July 25, 2016—Veracode today announced Veracode Developer Sandbox, a patented new feature in the Veracode application security platform. Developer Sandbox changes the dynamic between developers and security/risk teams, giving developers more control of the application security process early in the development lifecycle while improving the accuracy and effectiveness of formal policy-based software review processes.
With Developer Sandbox, developers can scan full applications or individual components as they write them, so they can make improvements before sending the software for a formal policy or security review. This helps eliminate the ‘scan and scold’ dynamic that has existed in the past, where even scans of early versions of code fed results to security and risk teams, creating the perception of software risk or compliance failures for the business well before the application was launched or the developer had a chance to make changes.
Developer Sandbox also helps developers working in agile or DevOps environments, because it enables earlier, more frequent testing of code for security risks as software is being developed, fitting into shorter development cycles and more frequent release cadences. The result is higher-quality code entering the formal review process, reducing the chance that critical security risks are identified late in the development process, which can force a no-win decision between delaying release and incurring business risk.
“Developers have sometimes been left out of the security discussion in the past,” said Sam King, Chief Strategy Officer for Veracode. “The reality is developers want to write great code that’s secure code, but often don’t have access to tools that fit with the way they work. Developer Sandbox will help change that equation, giving them access to the industry’s most powerful application security platform in a way that works for them.”
Software developers often don’t have formal training in secure coding practices. In fact, Veracode’s State of Software Security report shows that security risks are sometimes introduced through misconfigured SSL or encryption – the very features initially implemented to improve security. Veracode Developer Sandbox uses the full Veracode static scanning engine, which has been tuned and improved through the experience of scanning nearly 2 trillion lines of code. This gives developers who may not have deep security skills a powerful aid in creating more secure code, as well as a place to practice and learn to code securely.
In conjunction with tools such as Veracode’s Software Composition Analysis, which identifies risks in the open source components often used in software development today, and Veracode’s in-line education tools that help developers learn how to fix vulnerabilities as they write their code, Veracode is making secure software development an easier, more seamless part of the entire software development lifecycle.
Veracode is a leader in helping organizations secure the software that powers their world, whether it is software they make, buy or sell. Veracode’s SaaS platform and integrated solutions for application security provide an end-to-end approach from code creation to application deployment. The Veracode platform incorporates technology, expertise and workflows into a unified, efficient solution for developers and security teams as well as enterprise risk and compliance functions.
Veracode serves over a thousand customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Veracode is a registered trademark of Veracode, Inc. All other brand names, product names, or trademarks belong to their respective holders.