BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a leading global provider of application security testing solutions, today announced that the General Services Administration (GSA) has granted the company a Federal Risk and Authorization Management Program (FedRAMP) authorization.
Veracode’s FedRAMP authorization comes at a time when the public sector faces challenges to strengthen the security of applications that are vital to the function of every federal government mission. The company’s most recent State of Software Security report revealed that the public sector has the highest proportion of applications with security flaws, at 82 percent, and the lowest and slowest fix rates. The report also showed that government entities have made great strides in addressing high severity flaws in software. In the past year, agencies have reduced critical vulnerabilities by one third.
This progress coincides with a series of major actions by the federal government to prioritize application security across the sector, including the U.S. Executive Order on Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) Zero Trust Memo M-22-09, the National Institute of Standards and Technology (NIST) Software Supply Chain Security Guidance, and the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model.
The Veracode platform is designed to be developer-friendly—through Veracode Security Labs, eLearning, and continuous scanning embedded into the environments in which developers work—and board-friendly, by providing a single view of an organization’s security posture and compliance via powerful reporting and analytics.
“Through Veracode’s comprehensive application security platform, federal agencies can now access a FedRAMP-authorized service offering multiple tools, including software composition analysis (SCA) that also supports the creation of a Software Bill of Materials (SBOM),” said Torey Vanek, FedRAMP Program Manager at Veracode. “This is crucial for government agencies who want to scan and then remediate known vulnerabilities within their software supply chain in accordance with compliance mandates in the Cybersecurity Executive Order and OMB’s Zero Trust memo.”
Securing the Software Supply Chain
As organizations recognize the imperative to analyze the security of software throughout the supply chain, many are turning to continuous testing throughout the software development lifecycle, leveraging multiple scanning types. From 2018 to 2021, the practice of combining multiple security testing methods increased by 31 percent, according to the Veracode State of Software Security report. The data showed companies that combined dynamic and static scanning remediated flaws 24 days faster than those that didn’t combine testing types, and that adding SCA into the mix further reduced fix times by six days.
Veracode products certified for FedRAMP include static analysis, pipeline scan, eLearning, dynamic analysis, API scanning, and SCA. As an American-owned comprehensive software security platform accredited for public sector cloud deployments available on the FedRAMP Marketplace, its platform bridges the needs of security and development teams. This works through a unified dashboard that allows security teams to ensure compliance to policy, while integrating software security best practices into developer environments.
“A series of high-profile hacks and vulnerabilities, such as Log4j, discovered within the software supply chain has heightened the federal government’s concern for application security,” said Neal Byrd, Vice President, Public Sector at Veracode. “These concerns, coupled with the current administration’s mandate to improve customer experience and digital services for all citizens, have elevated application security to mission-critical status, since software underpins every mission in government.”
Learn more about Veracode’s solutions here.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
