Latest news with #Veracode


Business Wire
22-04-2025
- Business
- Business Wire
Veracode Advances Application Risk Management with Innovations for Comprehensive Risk Visibility and Software Supply Chain Security
BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled new capabilities offering proactive risk mitigation and automated security at enterprise scale. With software supply chain attacks and open-source vulnerabilities at an all-time high, the enhanced Veracode Risk Manager (VRM) and an early access program for Veracode Package Firewall come at a critical juncture. The innovations represent a significant milestone in Veracode's vision to deliver centralized risk visibility and secure development from the start.

'Security teams face immense pressure to combat evolving threats, while developers require the flexibility to innovate quickly,' said Derek Maki, Head of Product at Veracode. 'Our latest Application Risk Management platform enhancements provide organizations with the tools to not just identify risks, but to trace them to their root cause and prevent them before they compromise the software supply chain—all without slowing down development.'

Veracode's newest offerings address increasing risk from open-source vulnerabilities and untrusted sources, reinforcing its leadership in application security innovation. The offerings combine automation with detailed remediation guidance to enable frictionless workflows throughout the software development lifecycle.

Fortified Software Supply Chain Security with Veracode Package Firewall

With over 97 percent of applications leveraging open-source components, malicious or noncompliant packages expose organizations to serious security risk. Veracode Package Firewall, built on technology acquired from Phylum Inc., blocks unsafe dependencies before they enter an organization's environment. The tool employs the Open Policy Agent (OPA), an open-source, general-purpose policy engine, to evaluate each dependency request against organizational policy and enforce the decision automatically, stopping software supply chain risk at its earliest entry point: the moment a package is requested.

Veracode Package Firewall delivers:
- Proactive Risk Mitigation: Strengthened security posture, reduced attack surface, and lower operational costs through automation and early threat mitigation.
- Streamlined Security and Compliance: Faster time to market, simplified compliance reporting, and enhanced collaboration across security and development teams.
- Secure Developer Productivity: Improved efficiency and innovation, freeing up developers' time to focus on building software.

Veracode Package Firewall is currently available to a subset of customers under early access and will be generally available in June 2025.

Intelligent and Contextualized Prioritization with Veracode Risk Manager

Security teams are overwhelmed with the volume of risk alerts, making it challenging to identify which vulnerabilities are the most critical. Veracode's latest enhancements to VRM further strengthen its Application Security Posture Management (ASPM) capabilities, providing unified risk visibility, contextual prioritization, and automated threat management. Key new features include:

- Runtime Container Risk Context: Integration with Kubernetes environments enriches vulnerability findings with runtime intelligence. Customers can prioritize remediation by identifying which vulnerable packages are actually loaded in running containers, and which of those containers are exposed, focusing on the most tangible risks to the business and providing continuous visibility into the application's runtime posture.
- Advanced Labeling Capabilities: Precise control over security findings with customizable tags and classifications. Granular labeling streamlines remediation by enabling targeted filtering and the creation of role-specific risk views tailored to the use cases that matter most to the business.
- Repository Tools: Tighter integration with source repository tools pinpoints the exact origin of a vulnerability, identifying the root cause of risk. This direct line of sight accelerates root cause analysis and lets teams address security flaws with greater speed and precision.

Veracode Risk Manager automates issue investigation and prioritization while facilitating real-time monitoring, which is crucial for evaluating and improving security posture across multi-cloud environments. These enhancements enable organizations to address risk more effectively, with improved precision, triaging, and control over findings from multiple environments. Runtime Container Risk Context and Repository Tools are available now; Advanced Labeling Capabilities will be coming soon.

See the Innovations Live at RSAC 2025

Veracode's experts will be on site at RSAC Conference in San Francisco (April 28 - May 1, 2025) to showcase the company's latest products. Visit booth #1243 for interactive demos and expert discussions on how to stay ahead of emerging threats and stop software supply chain attacks before they happen. Learn more about Veracode's products on the website.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform offers adaptive software security and is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world's leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale.

Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing. Learn more on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
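The Package Firewall section above describes policy-driven admission of dependencies at the point they are requested. As an added illustration that is not Veracode's, Phylum's or OPA's code, the Python below models such a gate with a handful of hypothetical rules: approved registries and licenses, a deny-list, a minimum release age, an install-script check, and a one-typo-away check against well-known package names. Every package record, threshold and name in it is constructed for the example; a real deployment would express the rules in OPA's Rego policy language and feed the gate from live registry metadata rather than hard-coded data.

```python
"""Dependency admission gate: a small policy-as-code check in the spirit of a
"package firewall". Added illustration, not Veracode's or OPA's code; the rules,
thresholds and package records below are constructed for the example."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is deterministic (assumption for the example).
NOW = datetime(2025, 4, 22, tzinfo=timezone.utc)

# Hypothetical organizational policy.
ALLOWED_REGISTRIES = {"https://pypi.org/simple"}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
DENYLIST = {"evil-helper"}                     # names this org has marked bad (constructed)
MIN_AGE = timedelta(days=7)                    # reject releases younger than a week
WELL_KNOWN = {"requests", "numpy", "urllib3"}  # targets for the typosquat check


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    registry: str
    license: str
    published: datetime
    has_install_script: bool = False  # e.g. a setup.py that runs code on install


@dataclass
class Decision:
    allowed: bool
    reasons: list[str] = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names one typo away from a popular package."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_typosquat(name: str) -> bool:
    return name not in WELL_KNOWN and any(edit_distance(name, w) == 1 for w in WELL_KNOWN)


def evaluate(pkg: Package, now: datetime = NOW) -> Decision:
    """Apply every rule and collect all violations, so the requester sees the
    complete reason a package was blocked rather than only the first rule hit."""
    reasons: list[str] = []
    if pkg.name in DENYLIST:
        reasons.append("name is on the organization deny-list")
    if pkg.registry not in ALLOWED_REGISTRIES:
        reasons.append(f"registry {pkg.registry} is not an approved source")
    if pkg.license not in ALLOWED_LICENSES:
        reasons.append(f"license {pkg.license} is not approved")
    if now - pkg.published < MIN_AGE:
        reasons.append("release is younger than the minimum age")
    if pkg.has_install_script:
        reasons.append("package runs code at install time")
    if looks_like_typosquat(pkg.name):
        reasons.append("name is one edit away from a well-known package")
    return Decision(allowed=not reasons, reasons=reasons)


def gate(packages: list[Package], now: datetime = NOW) -> dict[str, Decision]:
    """Evaluate a whole dependency set; a resolver would call this before fetching."""
    return {p.name: evaluate(p, now) for p in packages}


# Constructed dependency requests for the example.
SAMPLE = [
    Package("requests", "2.32.3", "https://pypi.org/simple", "Apache-2.0",
            datetime(2024, 5, 29, tzinfo=timezone.utc)),
    Package("requets", "1.0.0", "https://pypi.org/simple", "MIT",
            datetime(2025, 4, 21, tzinfo=timezone.utc)),
    Package("internal-lib", "0.1.0", "https://mirror.example.internal/simple", "MIT",
            datetime(2024, 1, 10, tzinfo=timezone.utc)),
    Package("evil-helper", "3.4.0", "https://pypi.org/simple", "GPL-3.0",
            datetime(2024, 11, 2, tzinfo=timezone.utc), has_install_script=True),
]

if __name__ == "__main__":
    for name, decision in gate(SAMPLE).items():
        status = "ALLOW" if decision.allowed else "BLOCK"
        print(f"{status:5} {name}: {'; '.join(decision.reasons) or 'ok'}")
```

Run as-is, the requests release is allowed and the other three are blocked with every violated rule listed; collecting all reasons instead of stopping at the first is what lets a developer fix a request in one pass. The name check is deliberately crude: real typosquat detection also looks at keyboard-adjacent swaps, homoglyphs and scope or namespace confusion, and a minimum-age rule needs an exception path for security patches the organization wants immediately.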

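The Runtime Container Risk Context feature described in the press release above ranks findings by whether the vulnerable package is actually loaded in a running, exposed container. As an added illustration that is not Veracode's code, the Python below joins a constructed set of dependency findings (placeholder advisory IDs, not real CVEs) with constructed runtime observations and sorts by runtime tier before CVSS score. The container names, package names, versions and the `exposed` flag are all assumptions made for the example.

```python
"""Runtime-aware prioritization of dependency findings. Added illustration of
enriching SCA findings with what is actually loaded in running containers;
not Veracode's code. Findings, advisory IDs and runtime facts are constructed."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    advisory: str  # constructed placeholder identifier, not a real CVE
    package: str
    version: str
    cvss: float


@dataclass(frozen=True)
class RuntimeFact:
    """What a runtime sensor reported for one package in one container."""
    container: str
    package: str
    version: str
    loaded: bool   # the package was actually loaded into a process
    exposed: bool  # the container is reachable from outside the cluster (assumed)


def runtime_tier(finding: Finding, facts: list[RuntimeFact]) -> int:
    """0 = not deployed, 1 = present in an image but never loaded,
    2 = loaded in a running container, 3 = loaded in an exposed container."""
    hits = [r for r in facts if r.package == finding.package and r.version == finding.version]
    if any(r.loaded and r.exposed for r in hits):
        return 3
    if any(r.loaded for r in hits):
        return 2
    return 1 if hits else 0


def prioritize(findings: list[Finding], facts: list[RuntimeFact]) -> list[tuple[str, int]]:
    """Order findings by runtime tier first, then by CVSS within a tier."""
    ranked = sorted(findings, key=lambda f: (runtime_tier(f, facts), f.cvss), reverse=True)
    return [(f.advisory, runtime_tier(f, facts)) for f in ranked]


# Constructed findings and runtime observations for the example.
FINDINGS = [
    Finding("ADV-0001", "libfoo", "1.2.3", 9.8),
    Finding("ADV-0002", "libbar", "2.0.0", 7.5),
    Finding("ADV-0003", "libbaz", "0.9.0", 8.1),
    Finding("ADV-0004", "libqux", "3.1.0", 9.1),
]
FACTS = [
    RuntimeFact("api-gateway", "libbar", "2.0.0", loaded=True, exposed=True),
    RuntimeFact("batch-worker", "libbaz", "0.9.0", loaded=True, exposed=False),
    RuntimeFact("batch-worker", "libfoo", "1.2.3", loaded=False, exposed=False),
    # libfoo 1.2.4 is a different (patched) version, so it is no match for ADV-0001
    RuntimeFact("api-gateway", "libfoo", "1.2.4", loaded=True, exposed=True),
]

if __name__ == "__main__":
    for advisory, tier in prioritize(FINDINGS, FACTS):
        print(advisory, "runtime tier", tier)
```

The highest-CVSS finding (ADV-0001, 9.8) drops to third place because its exact version sits unused in a batch image while the exposed gateway runs a patched build; that reordering is what runtime context buys. The join here demands an exact version match, which is a simplification: a production tool matches the installed version against the advisory's affected range, and an unknown load state should be treated as loaded rather than as safe.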

Associated Press
09-04-2025
- Business
- Associated Press
Veracode Secures Patent for AI-powered Remediation Tool, Veracode Fix
BURLINGTON, Mass.--(BUSINESS WIRE)--Apr 9, 2025-- Veracode, a global leader in application risk management, announced today that it has been granted a United States patent for its generative artificial intelligence security tool, Veracode Fix. The AI-powered technology helps developers fix vulnerabilities across 11 languages in all integrated environments, strengthening an organization's security posture. By automating remediation, Veracode Fix lets organizations accelerate innovation and growth while remediating vulnerabilities throughout the software development life cycle. Launched in April 2023, the capability was the first to combine artificial intelligence and human expertise to automate fix suggestions for security flaws in code.

'This is a major milestone for Veracode,' said Tim Jarrett, Group Vice President of Product Management. 'The Veracode Fix patent demonstrates our unwavering commitment to customers by offering innovative security solutions that help organizations manage and remediate application risk at scale.'

Innovation Software Security and Customer Impact

This patent (US12229040B2) addresses the critical challenge of remediating risk in complex application environments. By applying extensive knowledge of code vulnerabilities and AI-driven intelligence, Veracode empowers organizations to:
- Proactively reduce their attack surface
- Accelerate vulnerability remediation
- Improve operational efficiency
- Deliver secure applications with greater confidence

A leading financial services company noted, 'The Veracode Fix patent represents a well-earned recognition of groundbreaking security remediation technology. As long-term users, we've witnessed the exceptional value this solution delivers to our development ecosystem—enabling our teams to address 16 times the vulnerabilities at triple the speed. Beyond merely shortening remediation cycles, Veracode Fix has empowered our development staff to naturally incorporate security practices into their daily workflows, significantly reducing our risk. Our sincere congratulations to the entire team on this achievement!'

Veracode Fix was invented by application security experts who recognized early the potential of Generative Pre-trained Transformer (GPT) technology, a type of Large Language Model (LLM) that uses deep learning to produce human-like content, to change software security. The tool is trained on Veracode's proprietary knowledge base using supervised learning, rather than on the insecure code found 'in the wild' that many other AI coding tools learn from.

In celebration of this milestone, Veracode is offering a trial of Veracode Fix with no initial cost. For complete details including eligibility requirements, duration, and terms of service, contact a Veracode representative.

SOURCE: Veracode, Inc. Copyright Business Wire 2025. PUB: 04/09/2025 07:50 AM/DISC: 04/09/2025 07:49 AM


Forbes
03-04-2025
- Forbes
How To Secure Software In The GenAI Coding Era
Chris Wysopal is Founder and Chief Security Evangelist at Veracode.

Generative artificial intelligence (GenAI) has very quickly established itself as an essential tool in developers' workflows. Developers have shifted from the traditional code reuse model to generating new code snippets by prompting GenAI, a significant change in software development dynamics. It is easy to see why: the merits are well documented. GenAI-driven code generation brings an unquestioned productivity boost. Research from Microsoft has shown that developers using GenAI completed 26% more tasks on average, increased the number of code commits by 13.5% and increased builds by 38.4%. In a competitive marketplace where every company and developer is looking for an edge, these numbers reinforce the obvious: the GenAI co-generation era is here to stay.

The productivity boost is clear, but it creates tension with the industry's push toward secure coding and software security. Traditionally, developers wrote code over weeks or even months, then tested it for vulnerabilities before production deployment. That approach changed with DevOps, which emphasized writing, testing and deploying smaller chunks of code in rapid cycles. To address security in this agile environment, the DevSecOps movement emerged, embedding security testing tools directly into the development pipeline. Now AI-driven code generation has accelerated the cycle further.

In this new paradigm code reuse decreases and code velocity increases, but vulnerability density does not fall, because the large language models (LLMs) developers use are largely trained on open-source code that carries the same flaws human developers have always written. With far more output at the same vulnerability density, faster code production means a proportional increase in the number of vulnerabilities shipped.

Recent studies back up these concerns. New York University researchers found that roughly 40% of the programs GitHub Copilot produced in their test scenarios contained known security weaknesses, while a similar study from Wuhan University found security weaknesses in 30% of Python and 24% of JavaScript Copilot-generated code snippets. Despite this, developers often perceive AI-generated code to be more secure than it is: Stanford University researchers found that developers using LLM assistants were more likely to write insecure code while being overly confident about its security.

To fully leverage AI-assisted development, the first step is to approach code co-generation with open eyes. Organizations must acknowledge and actively counter the human biases that lead to overconfidence in AI-generated content. The data says that LLMs are fallible and likely to introduce as many (if not more) security flaws as their human counterparts; it is up to developers to heed that warning and to treat generated code like any other untrusted contribution, reviewed and scanned before it merges.

Developers must also understand that the quality of AI-generated code is only as good as the data on which the model was trained. If the training data includes vulnerable open-source code, those vulnerabilities will likely surface in the generated output. Using curated datasets known to contain more secure code, and putting explicit security requirements into GenAI prompts (input validation, parameterized queries, safe defaults), are steps that help establish a foundation for secure AI co-generation.

The rate at which vulnerabilities are introduced has already outrun what human remediation can handle. Veracode's State of Software Security (SoSS) report found that only 20% of applications achieve a monthly fix rate above 10% of identified flaws. Persistent high-severity vulnerabilities, or "security debt" (security flaws left unfixed for more than one year), accumulate as a result, bringing more compliance risk, security alerts and quality issues.

The only way to keep pace is to fight fire with fire, using AI-assisted remediation tools. These address security issues without expanding development teams or diverting their focus from core objectives. As GenAI reshapes software development, security automation becomes essential: integrating AI into the security pipeline, from vulnerability detection to automated fixes, is what keeps speed and security in balance.

Developers will use GenAI as part of the software development process going forward; the industry is too competitive to leave that productivity on the table. But companies need a realistic approach, which means re-evaluating security practices to address the risks inherent in AI-generated code. By automating security processes and leveraging AI-powered remediation tools, developers can harness the full potential of GenAI while maintaining robust security standards. The era of GenAI demands both faster code development and smarter, AI-driven security measures to keep the threat of vulnerability proliferation in check.