SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Veracode unveils new AI-driven features for Veracode Fix

Yesterday

Veracode has announced new features to its AI-powered coding solution, Veracode Fix, which aim to significantly reduce the time needed for vulnerability remediation.

The enhancements include automated code fixes for up to 80% of first-party weaknesses, allowing developers to address issues in minutes rather than months.

Tim Jarrett, Group Vice President of Product Management at Veracode, stated, "Six months ago, we proudly signed the Cybersecurity and Infrastructure Security Agency's (CISA) Secure By Design pledge, which set out to build cybersecurity into the design and manufacture of technology products. To fulfil that promise, Veracode continues to invest in new features that shift security left and make it a more automated, frictionless experience for developers."

The development process is set to benefit as Veracode Fix becomes available in all integrated development environments (IDEs). This integration allows developers to fix vulnerabilities at the push of a button within their continuous integration and continuous deployment (CI/CD) pipelines.

Jarrett added, "We listened carefully to feedback from developers who loved the tool and wanted to integrate it into their workflows. With many of our customers building in environments like GitHub every day, we brought Veracode Fix directly into their Push/Pull Request activities."

With AI-generated code showing similar flaw rates to those created by humans, the need for efficient remediation tools is apparent. Veracode Fix, leveraging AI in conjunction with human expertise, targets first-party weaknesses, promising to save significant resources and reduce security debt.

The platform's capabilities were endorsed by Phillip Hagedorn, Cloud Architect at HDI Global SE, who commented, "One future success factor will be Veracode's artificial intelligence helping fix our findings. AI supporting fixes is a game changer. We have an approved plan for benefitting from AI, and it's time to roll it out."

In tandem, Veracode announced enhancements to the Veracode Risk Manager, previously known as Longbow Security. The upgrades provide teams with improved visibility and control over risk management, correlating risk from code to cloud for comprehensive remediation.

New advancements in the Risk Manager include a GitLab Repository Connector, facilitating root cause analysis and a more direct line to remediation. Additionally, features such as the GitLab Ultimate Security Findings and Custom Compliance Mappings aim to enhance compliance and risk prioritization.

Ravi Iyer, Veracode's Chief Product Officer, said, "These latest innovations underline the importance of building, buying, and deploying software that's secure by design. Our customers need solutions that help them identify, manage, and remediate risk at scale."

Veracode is a global specialist in Application Risk Management for the AI era. Powered by code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organisations to build and maintain secure software from code creation to cloud deployment.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X