BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today released a commissioned study conducted by Forrester Consulting on The Total Economic Impact™ (TEI) of Veracode’s Application Risk Management Platform. The study revealed that Veracode delivered a 184 percent return on investment (ROI) to customers over a three-year period, as well as a material Net Present Value and a payback period of less than six months.
Specifically, there were four key drivers of the economic impact:
- A 75 percent reduction in risk of software-based attacks
- 80 percent developer productivity recapture that can be reallocated to product innovation
- 85 percent efficiency gained in application security from increased automation
- Most noteworthy, a 20 percent growth in revenues from software security that drove new products, new market entries, speed to market, and security as a differentiator
With software supply chain attacks on the rise, security and DevSecOps leaders need ways to source solutions that demonstrably protect their organizations, while helping them prove the value of application risk management. Forrester conducted the TEI study to examine the potential ROI for enterprises using the Veracode platform. Based on a series of interviews with Veracode customers, Forrester constructed a $2 billion “composite organization,” with 10,000 employees, 800 developers, and a business goal of increasing development velocity in support of revenue growth. The findings below are representative of these aggregated insights.
Reduced Risk of Software-based Attacks
Use of the Veracode platform resulted in a 75 percent decrease in the risk of a software supply chain-based attack which reduced associated breach costs for the study’s composite customer by $1.5 million over three years. The composite analysis also revealed annual financial benefits of about $7.1 million per year over a three-year engagement versus an upfront cost of $2.5 million, inclusive of platform fees, internal and third-party development costs, ongoing administration adoption, training and development. When added together, the average NPV, or the total value of an investment opportunity for Veracode customers over three years, stood at $4.6 million, with a payback period of less than six months.
As one study participant, an Application Security Engineer, noted, “We have managed to eliminate all high and very high vulnerabilities across all of the apps now for two months. We run the reports and scans every day, and for two months we have not seen a single high- or very high-severity vulnerability show up. So, they’re not just fixing them; they’re preventing them by the reuse of known secure functions and modules across the code base.”
Developer Productivity Unlocked
The Forrester TEI analysis revealed that giving developers better visibility into security flaws earlier in the development process helps them rapidly reduce security debt. Use of Veracode’s platform resulted in an 80 percent improvement in developer productivity, totaling 70,000 developer hours and $3.41 million that could be reallocated to product innovation for the composite customer.
“We started scanning about a year ago and have worked through [approximately] 60 percent of the outstanding open-source [software flaws]. That’s 20 years of tech debt we’ve worked through in that time, largely because we were able to have the controls in place for software releases with Veracode,” another study participant, a CISO in the healthcare technology field, stated.
Efficiency Through Automation
Forrester determined that customers experience an 85 percent reduction in the effort and time required to remediate flaws when using Veracode’s tooling to automate manual workflows. The study found the use of automation transformed the process and efficacy of AppSec programs by freeing up almost 25,000 hours—equivalent to nearly three years. The resulting productivity gains saved $1.3 million for the composite customer, as well as enabling Veracode customers to scale their scanning capacity.
As one Head of Global Engineering Tools in the professional services sector commented, “I would say [prior to Veracode] we weren’t able to [triage] efficiently enough. … To do that properly then, you would spend at least 10 hours to evaluate [which scans to triage], and now you can do it by a glance.”
Customers Gain Competitive Advantage
Modern enterprises face the constant challenge of innovating and delivering secure code faster to stay ahead of the competition. The Forrester TEI study found using Veracode to accelerate and shift security earlier in the software development lifecycle enabled the composite customer to bring features and products to market faster, open new markets and revenue streams, and use security as a differentiator. Moreover, organizations increased their revenue by 20 percent, which made an additional $940,000 in profits for the composite customer directly attributable to using Veracode’s solution.
Another study participant, a Director of Risk and Security, affirmed Veracode’s innovation and speed of delivery; “We’re constantly delivering new feature functions every two weeks. Back in the day, a customer might be sitting on a version for three years with no feature function improvement and then go through an upgrade that takes six or eight months to get it, whereas now we’re deploying new features and functions every two weeks.”
Additional key findings of the Forrester TEI study included:
- Augmented reporting capabilities
- Higher levels of IT spend dedicated to security
- Optimized technology costs
- An improved security culture
- Improved developer experience and security maturity
“Ensuring organizations are effectively securing their software against cyberattacks, while facing the reality of constrained budgets, has never been more critical.” said Tim Jarrett, Group Vice President of Product Management at Veracode. “The Forrester TEI study reaffirms that Veracode not only provides businesses with top-tier services, but also delivers meaningful returns and business impact to increase agility and innovation. I’m grateful to our customers for sharing their experiences and helping us demonstrate the true value of Veracode’s platform. This is why organizations place their trust in us every day.”
The Forrester TEI study provides a framework to evaluate the potential financial impact of the Veracode platform on organizations. Forrester interviewed four representatives with experience using the Veracode platform. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single, “composite organization” with $2 billion in annual revenue, 10,000 full-time employees, 1,000 managed apps, 800 developers, and a business goal of increasing development velocity in support of strategic revenue growth.
For more information on the Total Economic Impact™ of Veracode, download the complete study and join a LinkedIn Live where the benefits will be discussed.
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.
Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
