Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Security sandbox for software developers

Veracode : 05 August, 2016  (New Product)
Veracode is helping software developers to incorporate security into their designs with the use of the Veracode Developer Sandbox
Security sandbox for software developers

Veracode Developer Sandbox has been released, a patented new feature in the Veracode application security platform.  Developer Sandbox changes the dynamic between developers and security/risk teams, giving developers more control of the application security process early in the development lifecycle while improving the accuracy and effectiveness of formal policy-based software review processes.

With Developer Sandbox, developers can scan full applications or individual components as they write them, so they can make improvements before sending the software for a formal policy or security review. This helps eliminate the ‘scan and scold’ dynamic that’s existed in the past, where even scans of early versions of code fed results to security and risk teams, creating the perception of software risk or compliance failures for the business well before the application is launched or the developer had a chance to make changes.

Developer Sandbox also helps developers working in agile or DevOps environments, because it enables earlier, more frequent testing of code for security risks as software is being developed, fitting into shorter development cycles and more frequent release cadences. The result is higher-quality code entering the formal review process, reducing the chance that critical security risks are identified late in the development process which can force a no-win decision between delaying release or incurring business risk.

“Developers have sometimes been left out of the security discussion in the past,” said Sam King, Chief Strategy Officer for Veracode. “The reality is developers want to write great code that’s secure code, but often don’t have access to tools that fit with the way they work. Developer Sandbox will help change that equation, giving them access to the industry’s most powerful application security platform in a way that works for them.”

Software developers often don’t have formal training in secure coding practices. In fact, Veracode’s State of Software Security report shows that security risks are sometimes introduced through misconfigured SSL or encryption – the very features initially implemented to improve security. Veracode Developer Sandbox uses the full Veracode static scanning engine, which has been tuned and improved through the experience of scanning nearly 2 trillion lines of code. This gives these developers who may not have deep security skills a powerful aid in creating more secure code, as well as a place to practice and learn to code securely.

In conjunction with tools such as Veracode’s Software Composition Analysis, which identifies risks in the open source components often used in software development today, and Veracode’s in-line education tools that help developers learn how to fix vulnerabilities as they write their code, Veracode is making secure software development an easier, more seamless part of the entire software development lifecycle.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo