Cloud-based Platform Exposes Vulnerabilities to Help Improve Reliability of Public Sector Software
Veracode, a top provider of sophisticated software security solutions, announced today that it has achieved StateRAMP (State Risk and Authorization Management Program) certification.
In order to help state and local government organisations improve their overall security posture, StateRAMP provides a standardised approach to compliance. The StateRAMP authorization Veracode received this week confirms the company’s commitment to providing cloud-based application security software to agencies at all levels of government, including federal, state, and local. Veracode first received FedRAMP authorization in July 2022.
Claire Bailey, Regional Vice President of Governmental Affairs at Veracode, stated that “high-profile attacks and vulnerabilities are significantly impacting the software supply chain across industries, and state and local government is no different.” “Agencies require tools that enable them to safeguard the application layer. Veracode is now able to support changing state and local government security requirements thanks to this authorization. We are eager to support StateRAMP in its mission to strengthen the online safety of government entities and the people they serve.”
In order to lower risk in today’s dynamic threat environment, Veracode’s intelligent software security platform offers comprehensive application-layer protection. The platform supports a variety of recent and emerging cybersecurity standards and recommendations, such as:
- Securing the software supply chain through capabilities such as the generation of a Software Bill of Materials (SBOM), which provides visibility into the open-source code components that are contained in a software product
- Integrating security into software development from the beginning of the process (‘shifting left’)
- Providing a developer-friendly user experience to integrate security into the software development life cycle
- Supporting cloud-native development and managing risk across the application portfolio
- Uniting security and development teams to address cybersecurity challenges
Veracode is now able to support state and local agencies’ cybersecurity initiatives during a time of increased risk thanks to the StateRAMP authorization. According to a recent National Association of State Chief Information Officers (NASCIO) survey, a lack of qualified IT security professionals has decimated the security teams of many state agencies, and Chief Information Security Officers report risks from persistent malware, ransomware, and phishing attempts.
More than 74% of applications had at least one security flaw over the previous 12 months, according to Veracode’s recent State of Software Security 2023 report. Security teams should use a variety of scan types to find elusive flaws because the flaw types that compromise application security vary.
“Security teams should have faith in the options available to secure their cyber infrastructure and create a more secure digital environment overall,” Bailey continued. StateRAMP helps local and state governments achieve this objective much more easily. Veracode’s platform restores trust in agencies’ digital infrastructure by offering a unified view of an organization’s security posture and compliance through robust reporting and analytics.
Veracode’s thorough software security platform, which includes static analysis, software composition analysis (SCA), dynamic analysis, pipeline scanning, eLearning, container scanning, API scanning, and infrastructure as code (IaC) scanning, is available to state and local agencies on the StateRAMP Marketplace.