Veracode Fix Flaws
What effect, if any, has Veracode had on your organization’s ability to fix flaws? Please provide examples, if applicable.
Pradeep Honaganahalli Basavaraju
ML engineer at a consultancy with 10,001+ employees
The tool is great in terms of ensuring our code is clean, recommending best practices, and capturing the flaws in third-party components.
It's bringing clarity to the flaws that we can mitigate, and that's the main purpose. We can have a brisk conversation about the flaws. Not all flaws need to be fixed because there might be other protection measures implemented.
Gangadhar Reddy
System Engineer at a tech vendor with 10,001+ employees
Veracode has improved our organization's ability to fix flaws, and fixing vulnerabilities has sometimes required us to develop new features. This has actually helped us and made our applications better.
Veracode has been incorporated into our process, which helps us fix flaws. Whenever we develop external websites, we consider the code, the scanning, and everything else involved. This ensures that we are prepared and have enough time to receive the scan results and fix any issues. We have essentially incorporated this into the lifecycle of our project, which I believe is very valuable.
Veracode's reporting function and executive summary help us emphasize the security of our business-critical products to our business, which also helps us get sponsorship from our management to fix flaws and move forward.
Veracode has helped us fix flaws effectively. Our security teams enforce monitoring and fix deadlines for reported flaws. If a reported flaw cannot be accepted as a false positive, we must fix it promptly to maintain a high success rate.
Tarun Revalla
Associate Software Engineer at an outsourcing company with 201-500 employees
Veracode has significantly improved our speed in fixing software flaws. It has also transformed our approach to addressing issues. Previously, we spent considerable time investigating the root cause of errors in the code. Now, thanks to Veracode, we can devote more of our intellectual resources to directly fixing the system, which ultimately results in a more efficient product for our users.
Veracode has helped reduce our time to remediate security flaws.
Veracode is highly efficient at fixing flaws. A single person can go through and do a penetration test after collecting the data from Veracode. Instead of telling developers where the issue is, they can show them in the code editor for the static analysis. They can assign tasks to the team using Jira, so developers almost never need to do that work. They actually almost never go back and fix any of these vulnerabilities. That's why I was my company's most hated and most loved man. I forced them to do it.
Veracode assists our application team in fixing flaws by identifying issues and guiding the team toward resolving them.
MukeshSaha
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech
Veracode helps us to fix flaws. They provide very good recommendations. It is very easy for a developer to fix the flaws. They provide a specific solution.
It has helped us fix flaws. We know what's there, and there's generally a decent explanation for fixing each flaw. It's a quicker time to market. It's easy to figure out the problem and solve it. We don't have exposed vulnerabilities in the market.
Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great. We've seen that in the same sprint that we were developing the features, now those features are implemented without any technical security debt. What happened before was that we needed another sprint to solve those technical debts. So we haven't seen an increase in time, and the speed of development of the teams is better, and now the product is being delivered with less technical debt.
Regarding remediation, based on my experience, the recommendation from Veracode on remediation is quite helpful. It gives valid reasoning, and the recommendation is fixed. The developers actually understand how to fix that. However, some of the recommendations, such as upgrading a certain library to version XYZ, sometimes don't go deeper because some of these libraries are not as simple as just changing the version to fix them. There are interdependencies with other third-party components. Sometimes, when the recommendation asks to upgrade the version to XYZ, when we actually upgrade it, there will be another issue with other things.
The automated scanning process helped identify and fix vulnerabilities earlier in the development process.