SOURCE: Veracode


July 26, 2016 08:00 ET

Veracode Puts Developers in the Driver's Seat When It Comes to Creating Secure Software

New Developer Sandbox Capability Lets Developers More Easily Spot and Fix Security Risks in Their Code Earlier in the Development Process, Before Any Formal Security Reviews

BURLINGTON, MA--(Marketwired - Jul 26, 2016) -

News Highlights

  • Veracode's Developer Sandbox feature lets developers test their code for security risks earlier and more often, helping them write safer code while maintaining or improving development cycles.
  • Developers can now get insight into security risks in their software before any formal security reviews, letting them find and fix security-related defects on their own terms, as part of writing high-quality code.
  • Developer Sandbox puts all the power of Veracode's industry-leading application security platform in the hands of developers, in an easy-to-use capability that fits today's agile and DevOps processes.

Veracode today announced Veracode Developer Sandbox, a patented new feature in the Veracode application security platform. Developer Sandbox changes the dynamic between developers and security/risk teams, giving developers more control of the application security process early in the development lifecycle while improving the accuracy and effectiveness of formal policy-based software review processes.

With Developer Sandbox, developers can scan full applications or individual components as they write them, so they can make improvements before sending the software for a formal policy or security review. This helps eliminate the 'scan and scold' dynamic that's existed in the past, where even scans of early versions of code fed results to security and risk teams, creating the perception of software risk or compliance failures for the business well before the application was launched or the developer had a chance to make changes.

Developer Sandbox also helps developers working in agile or DevOps environments, because it enables earlier, more frequent testing of code for security risks as software is being developed, fitting into shorter development cycles and more frequent release cadences. The result is higher-quality code entering the formal review process, reducing the chance that critical security risks are identified late in the development process, which can force a no-win decision between delaying release or incurring business risk.

"Developers have sometimes been left out of the security discussion in the past," said Sam King, Chief Strategy Officer for Veracode. "The reality is developers want to write great code that's secure code, but often don't have access to tools that fit with the way they work. Developer Sandbox will help change that equation, giving them access to the industry's most powerful application security platform in a way that works for them."

Software developers often don't have formal training in secure coding practices. In fact, Veracode's State of Software Security report shows that security risks are sometimes introduced through misconfigured SSL or encryption -- the very features initially implemented to improve security. Veracode Developer Sandbox uses the full Veracode static scanning engine, which has been tuned and improved through the experience of scanning nearly 2 trillion lines of code. This gives developers who may not have deep security skills a powerful aid in creating more secure code, as well as a place to practice and learn to code securely.

In conjunction with tools such as Veracode's Software Composition Analysis, which identifies risks in the open source components often used in software development today, and Veracode's in-line education tools that help developers learn how to fix vulnerabilities as they write their code, Veracode is making secure software development an easier, more seamless part of the entire software development lifecycle.

About Veracode

Veracode is a leader in helping organizations secure the software that powers their world, whether it is software they make, buy or sell. Veracode's SaaS platform and integrated solutions for application security provide an end-to-end approach from code creation to application deployment. The Veracode platform incorporates technology, expertise and workflows into a unified, efficient solution for developers and security teams as well as enterprise risk and compliance functions.

Veracode serves over a thousand customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes' 100 Most Valuable Brands. Learn more at, on the Veracode blog and on Twitter.

Veracode is a registered trademark of Veracode, Inc. All other brand names, product names, or trademarks belong to their respective holders.
