Business Wire

Latest Innovations from Veracode Help Organizations Be Secure by Design

Share

Company Launches Veracode Risk Manager and Enhancements in AI-powered Remediation

AWS Re:Invent (booth #563)-- Veracode, a global leader in application risk management, today announced powerful innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software, assess risk, and remediate at the click of a button in their preferred environment.

Tim Jarrett, Group Vice President of Product Management at Veracode, said, “Six months ago, we proudly signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure By Design pledge, which set out to build cybersecurity into the design and manufacture of technology products. To fulfil that promise, Veracode continues to invest in new features that shift security left and make it a more automated, frictionless experience for developers.”

AI-powered Remediation in the IDE for Developers

The explosion of AI means code is now being written faster than ever—but the challenge is AI-generated code contains around the same percentage of flaws as human-generated code. With 71 percent of organizations drowning in security debt through years of accumulated code vulnerabilities, developers are in dire need of tools to accelerate flaw remediation.

The latest innovations in Veracode Fix, which combines AI and human expertise to reduce remediation time from months to minutes, means developers now have access to drop-in code fixes for up to 80 percent of first-party weaknesses. For an organization with 2,000 security flaws, this means using the tool could cut the time to clear security debt by 2,400 hours, saving $240,000 compared to manual remediation.

“We listened carefully to feedback from developers who loved the tool and wanted to integrate it into their workflows. With many of our customers building in environments like GitHub every day, we brought Veracode Fix directly into their Push/Pull Request activities. Our flexible GitHub Action can be configured to remediate all files in a project, fix all supported flaw types, and enable developers to leave individual comments on each fix suggestion,” Jarrett said.

Veracode Fix is available in all integrated development environments (IDE), meaning developers can fix vulnerabilities at the push of a button in their CI/CD pipelines and ensure they’re building software that’s secure by design.

The tool is already helping customers make security innovation become a measurable reality. Phillip Hagedorn, Cloud Architect at HDI Global SE, said, “One future success factor will be Veracode’s artificial intelligence helping fix our findings. AI supporting fixes is a game changer. We have an approved plan for benefitting from AI, and it’s time to roll it out.”

With Veracode’s newest IDE support, developers can also find and fix vulnerabilities in first-party and open-source code before adding it to the codebase. This means more streamlined workflows and problem-solving using static analysis and software composition analysis in Visual Code Studio, JetBrains (IntelliJ, PyCharm, Rider), Eclipse, and Visual Studio.

Application Security Posture Management with Veracode Risk Manager for Security Teams

Alongside Veracode Fix, Veracode Risk Manager (VRM) correlates and contextualises risk from code to cloud, tracing it back to the root cause to enable one-to-many remediation. This comprehensive visibility empowers security teams to prioritize and eliminate the most critical vulnerabilities with the least amount of effort.

A series of new advancements to VRM gives developers and security teams even greater control over risk management. The latest features include:

  1. GitLab Repository Connector: Empowers root cause analysis of runtime issues by tracing them directly back to the source code repository, allowing teams to pinpoint the origin of risks and accelerate remediation.
  2. GitLab Ultimate Security Findings: Enables ingestion, unification, correlation, and prioritization of Gitlab Ultimate Security Findings including Static Analysis and Container Security findings. This enables teams to focus on the issues that matter most and provides unified risk and compliance reporting.
  3. Custom Compliance Mappings: Provides organizations with the tools to customize compliance mappings according to their specific requirements, facilitating easier compliance management.
  4. New Connectors: VRM has several new native findings connectors, including Tenable, Qualys, Rapid7, Aquasec, ServiceNow Two-Way sync, and more.

“VRM is the brain of cloud-native security, making it an indispensable tool for enterprises committed to fortifying their defenses in a cloud-native world. The tool addresses common challenges, such as fragmented visibility and scalability limitations, and transforms how organizations visualize, prioritize, and remediate risk with a 360-degree view of security vulnerabilities. These latest enhancements, along with the Application Risk Heatmap and Universal Connector features we launched earlier this year, make VRM a transformative upgrade for enterprises that are serious about security,” Jarrett said.

Helping Organizations Build Secure by Design

Veracode’s newly appointed Chief Product Officer, Ravi Iyer, is focused on embedding security into product development and enhancing the overall developer experience. “These latest innovations underline the importance of building, buying, and deploying software that’s secure by design. Our customers need solutions that help them identify, manage, and remediate risk at scale, and we’ll continue to meet this demand by making Veracode’s products integrated and easy for developers to use,” Iyer said.

Veracode will be at AWS Re:Invent conference in Las Vegas, December 2-6, 2024. Visit booth #563 for more information on the latest products or to get a demo of Veracode Fix and VRM.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20241202337994/en/

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

SLB Capturi Completes Construction of the World’s First Industrial-Scale Carbon Capture Plant at a Cement Facility2.12.2024 22:35:00 CET | Press release

Facility will reduce emissions by up to 400,000 metric tons of CO2 annually for Heidelberg Materials ― one of the world’s largest building materials companies SLB Capturi has reached a significant milestone of mechanical completion of the carbon capture plant at Heidelberg Materials’ cement facility in Brevik, Norway. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241202648162/en/ The carbon capture plant is designed to capture up to 400,000 metric tons of CO2 annually from the Heidelberg Materials cement facility in Brevik, Norway. (Photo: Business Wire) With the full-scale carbon capture plant now complete, including the carbon capture system, compression system, heat integration system, intermediate storage, and loadout facilities, the plant is now ready for testing and commissioning. When operational, this world-first commercial-scale carbon capture plant at a cement facility will enable production of net zero cement, wi

Winter Wonderland in the Heart of NYC: The Empire State Building Celebrates the Holiday Season with Extravagant Holiday Décor, Festive Movie Screenings, Special Lightings, and More2.12.2024 22:30:00 CET | Press release

The Empire State Building (ESB) today announced details for its fan-favorite holiday festivities with over-the-top decorations, festive pop-ups, classic movie screenings, and special tower lightings. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241202020008/en/ Winter Wonderland in the Heart of NYC: The Empire State Building Celebrates the Holiday Season with Extravagant Holiday Décor, Festive Movie Screenings, Special Lightings, and More (Photo: Business Wire) “There is no place quite like New York to spend the holidays, and the Empire State Building tops the list of things to do in NYC,” said Jean-Yves Ghazi, president of the Empire State Building Observatory. “From photos with Santa to classic film screenings, guests will make holiday memories to last a lifetime with the best views in New York City.” Topped with Tinsel Every corner of the Empire State Building Observatory will be adorned in festive holiday decorations w

IonQ Unveils New Enterprise-Grade Quantum OS and Hybrid Services Suite2.12.2024 22:05:00 CET | Press release

Full stack development approach drives enterprise-grade capabilities, enabling improved quantum functionality for commercial applicationsIonQ Quantum OS drives an average reduction of over 50 percent in on-system classical overhead, improving time to solution for quantum workloads IonQ (NYSE: IONQ), a leader in the quantum computing and networking industry, today announced the launch of its quantum operating system, now called IonQ Quantum OS, and a collection of new capabilities named IonQ Hybrid Services suite. These technologies will greatly advance performance and utility of quantum computing for enterprise customers. IonQ Quantum OS is a nearly ground-up rewrite of IonQ’s original quantum operating system. Designed and built with a flexible and modular architecture, it is designed to scale and adapt with IonQ’s hybrid quantum computing ecosystem and power IonQ’s current and future flagship quantum computers, including IonQ Forte and IonQ Forte Enterprise. Designed for improved per

BitGo Launches Comprehensive Retail Platform2.12.2024 16:00:00 CET | Press release

New Dedicated Retail Platform Enables Retail Investors to Buy, Sell, Trade, Custody, and Stake Crypto AssetsU.S. Retail Investors Can Sign Up for BitGo’s Retail Platform to be Entered to Win a Full Bitcoin BitGo, the leading infrastructure provider of digital asset solutions trusted by institutions since 2013, today announced the official launch of its dedicated retail platform, providing retail customers access to BitGo’s comprehensive suite of regulated and secure digital asset trading, staking, wallets, and qualified custody services. The platform is now live for all global investors and available for sign-up at bitgo.com/welcome. Eligible U.S.-based investors who sign up for BitGo’s retail platform will have the opportunity to win a full bitcoin. Key advantages of BitGo’s retail platform include:Security and Trust: As one of the most trusted companies in the global digital asset space since 2013, BitGo has safeguarded billions in crypto assets for institutions, providing the highes

Lone Star Completes Acquisition of Carrier’s Commercial and Residential Fire Business Forming Kidde Global Solutions2.12.2024 16:00:00 CET | Press release

Lone Star Funds (“Lone Star”) today announced that an affiliate has successfully completed the acquisition of Carrier Global Corporation’s Commercial and Residential Fire business in a transaction valued at $3 billion. As a result of the transaction, the business will operate as an independent company under the new name Kidde Global Solutions. Kidde Global Solutions unifies some of the most trusted and iconic brands in fire and life safety, including Kidde, Kidde Commercial, Edwards, GST, Badger, Gloria, and Aritech. "Kidde Global Solutions is an industry-leading portfolio of strong brands and innovative teams with a long history of serving global customers and exciting growth opportunities," said Donald Quintin, Chief Executive Officer of Lone Star. “We look forward to working with Kidde Global Solutions’ talented management team to further build this outstanding business." The initial definitive agreement of the sale was announced in August 2024 and the final close took place on Dece

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye