Veracode Named a Leader in the 2023 Q3 Forrester Wave™ Static Application Security Testing
September 2023 by Marc Jacob
Veracode announced it has been named a Leader in The Forrester Wave™: Static Application Security Testing, Q3 2023.
The annual report, which evaluates 11 top vendors in the market against 26 criteria, helps security professionals select a static application security testing (SAST) vendor that best fits their needs. In this evaluation, Veracode received the highest score ahead of all competitors included in the report. The report notes, “Veracode is a great fit for enterprises looking to roll out and scale a comprehensive application security program.”
Veracode’s SAST analysis is part of a software-as-a-service (SaaS) platform that includes dynamic application security testing, software composition analysis, container and infrastructure-as-code (IaC) scanning and developer training. Veracode is the only vendor evaluated by Forrester Wave to achieve FedRAMP (Federal Risk and Authorization Management Program) and StateRAMP certification (State Risk and Authorization Management Program). FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. StateRAMP provides a comprehensive security framework designed to improve cloud security for state and local governments
The Forrester Wave™ states, “Veracode differentiates with reporting, remediation, and a programmatic approach.” Veracode offers a wide range of metrics and KPIs to meet customer needs, including fix rate, security trends and policy compliance, all in a digestible format. The report also highlighted Veracode’s future vision, which aims to “lower the development burden while providing security with a 360-degree view of the application risk landscape.” This vision includes “an exciting roadmap with AI-powered features for flaw prevention, automated remediation, intelligent prioritization, and cross-correlation of application security testing (AST) scans."
The report notes, “Veracode Fix is a noteworthy innovation that utilizes generative AI to automatically generate fixes for a finding. Veracode introduced Veracode Fix earlier this year, which utilizes generative AI to automatically suggest remediations for security flaws found in first-party code.