Veracode, a global leader in application risk management, announced platform innovations that set a new standard for developer-driven application security. New repo-risk visibility and analysis from Longbow Security, powered by Veracode, extends application risk management from code repositories to runtime images. The solution was launched together with Veracode Fix in the IDE (Integrated Development Environment) and Batch Fix to bridge the gap between development and security teams. These latest innovations help developers focus on the most critical tasks that drive value and differentiation.
“Today, developers face significant competitive pressure to innovate faster and apply more security controls to their code than ever before,” said Tim Jarrett, Group Head of Product Management at Veracode. “We are committed to providing a seamless experience for developers and security operators, and our recent product enhancements make the task of securing code simple and effortless.”
Bringing development & security teams together: repo-risk visibility & analysis
In April, Veracode acquired Longbow Security to help organizations effectively manage and mitigate application risk across a growing attack surface. The integration of Longbow’s latest capabilities, repo-risk visibility and analytics, closes the gap between development and security teams with greater visibility from code repositories to cloud assets and runtime images. It also sheds light on infrastructure-as-code and the risk of misconfigured cloud assets that originate in repositories.
“Customers challenged us to apply our unique Longbow expertise in cloud risk and prioritization to the challenges they face managing upstream risk in their code repositories,” said Derek Maki, Vice President of Product Management at Veracode. “We responded with a solution that provides visibility into the relationship between source code weaknesses and runtime security posture. Simultaneously, development teams gain a consolidated view of risk and tremendous time savings when it comes to prioritizing remediation, reducing code changes, and resolving issues quickly.”
This new feature complements Veracode’s latest innovation for GitHub repo scanning, which streamlines work such as setting up staging servers and environments so developers don’t have to scan them over and over again. This makes it easier for development and security teams to collaborate on secure coding and scanning, as Veracode results are delivered to GitHub, where developers can act on them immediately.
Security Debt Reduction: Veracode Fix in the IDE & Batch Fix
Research shows that 92 percent of developers based in the US already use artificial intelligence (AI) coding tools both on and off the job, with generative AI helping software engineers write code 35-45 percent faster. At the same time, other research suggests that code written by AI has the same proportion of security flaws as code written by humans.
Veracode was the first company to offer developers a solution with AI-generated secure code fixes. Since launching Veracode Fix at last year’s RSA conference, hundreds of customers have used the solution to reduce their backlog of security debt and risk. Ninety-two percent of CWEs (Common Weakness Enumeration categories) with severity ranging from medium to very high can be addressed with AI-generated code edits from Veracode Fix.
With the introduction of Veracode Fix in the IDE, developers can now fix flaws faster with AI-suggested fixes directly in the IDE, without having to switch to other applications or search for alternative code. The fixes can be applied before the code moves further through the software development lifecycle, dramatically reducing the time and cost of fixing defects compared to fixes applied after the fact.
Batch Fix provides AI-assisted fixes for many source code defects across multiple files in a single action. This makes remediation of defects much faster, which in turn reduces security debt at scale. For example, developers can take the fix for a CWE with a straightforward, easily tested remedy and apply it across several source files at once.
Jarrett concludes: “With these latest innovations, Veracode meets developers where they operate — in the tools they use every day — to help them secure the code they create today without sacrificing productivity. This greatly promotes efficiency and speed, fostering a culture of collaboration and trust between development and security teams.”
SOURCE: BusinessWire