“Having Veracode VerifiedTM enables us to enter into the discussions with the CIO of the largest districts with extreme credibility.”
Veracode enables SchoolCNXT to improve code quality and increase confidence among customers and prospects
Veracode enables SchoolCNXT to improve code quality and increase confidence among customers and prospects.
The Challenge
The SchoolCNXT application houses sensitive information about students, faculty, and parents, so it needs to be secure. Application security is especially critical in the current economic climate as cyberattackers are exploiting the pandemic for personal gain. In fact, the FBI found that cyberattacks have increased by 400 percent over the past several months. If a security breach occurs, it would not only expose the users’ sensitive information, but damage SchoolCNXT’s reputation, and possibly lead to both the company and the Department of Education being sued.
SchoolCNXT is also challenged with mistrust from undocumented families, which make up a portion of SchoolCNXT’s customer base. “Many of those families are undocumented and their levels of trust with the government, including – sometimes – the school districts is rather low, and that’s understandable,” said Paul Caliandro, Chief Executive Officer of SchoolCNXT. Undocumented families need the reassurance that their conversations in the application are secure and confidential.
The Solution
Paul Caliandro previously worked in IT security and was familiar with Veracode. So, when it came time to select an AppSec vendor, he turned to Veracode. SchoolCNXT is a cloud-based platform, so Caliandro and team were hoping for a cloud-based AppSec vendor. Since Veracode offers the application security industry’s only cloud-native SaaS solution, combined with over a decade of experience helping customers develop effective AppSec programs, it was the clear choice for SchoolCNXT.
Aside from being a native SaaS solution with years of expertise, it was also important to SchoolCNXT that Veracode offers penetration testing in its AppSec testing mix. SchoolCNXT had been scanning its code sporadically prior to selecting Veracode but wanted a penetration test before selecting additional testing types. The penetration test conducted by Veracode exposed some medium-risk vulnerabilities, which were fixed immediately. From there, SchoolCNXT decided to add on static analysis and software composition analysis to scan its first- and third-party code.
The Results
Since implementing Veracode, SchoolCNXT has been pleased with the results. As Paul Caliandro stated, “We found it to be enormously successful, and it’s helped us improve the quality of our code.” With higher quality code comes increased security and decreased vulnerabilities, which gives both employees and customers peace of mind.
“Knowing that we’re entrusted with such private information, security is very important to us, and I don’t know how we would achieve the level of confidence in our security without a tool like Veracode. I know that nothing’s going out to production that hasn’t been scanned by Veracode, and I sleep really well at night knowing that we are not an easy target for malicious attackers,” said Jack Collier, a software developer for SchoolCNXT.
SchoolCNXT customer May Wong Lee, principal of PS 42 Benjamin Altman school, is also at ease knowing that SchoolCNXT is proactively securing its application. “All my families use SchoolCNXT. Whether they are here legally or not, I trust SchoolCNXT to keep all information safe. We are a public school. We serve all in our community. That’s the trust I put into SchoolCNXT, and that’s the trust that my families put into SchoolCNXT,” Lee remarked.
SchoolCNXT has also enrolled in Veracode VerifiedTM, a three-tier program that helps AppSec customers advance their programs to the highest level of security. For each level reached, the customer receives a badge and documentation attesting to the accomplishment. The badge and documentation can be used with prospects and customers to show a commitment to security.
“[Veracode VerifiedTM] is really, really important to us,” said Caliandro. “We speak and interact very often with the highest level in the IT organization of these school districts, and security is always a central topic of discussion. Having Veracode Verified enables us to enter into the discussions with the CIO of the largest school districts in the country with extreme credibility. So, we no longer have to prove ourselves as having achieved security. We can show them, and we can demonstrate through the achievement of Veracode Verified, which gives us a competitive advantage.”
Matt Hausmann agrees, stating, “from the chief marketing officer perspective, it’s something that I know is important to not only our current customers but to our prospects and others that we’re talking about. The ability to say that we are Veracode Verified carries a tremendous amount of weight.”
Overall, SchoolCNXT has “come out of [the process] as a better company with a better and more secure platform,” according to Caliandro. And with new product releases and plans to attain the next tier of Veracode VerifiedTM, the sky is the limit for SchoolCNXT.
“Knowing that we’re entrusted with such private information, security is so important to us, and I don’t know how we would achieve the level of confidence in our security without a tool like Veracode.”
Jack Collier
Software Developer, SchoolCNXT
About SchoolCNXT
SchoolCNXT is a social impact company with a specific interest in opening the dialog between home and school. In urban environments, like New York City, a large population of parents and guardians struggle to communicate with their children's teachers due to technology, language, or literacy challenges. In fact, a recent survey from the National Center for Education Statistics unveiled that 21 percent of US adults possess low literacy skills. And out of the districts that SchoolCNXT serves, 30 to 40 percent of families do not speak English at home and don’t have access to laptops or iPads.
SchoolCNXT was able to solve this communication barrier by creating an application for two-way communication between parents and teachers. The application is compatible with all smartphones – which most SchoolCNXT families have – and can translate conversations into over 100 different languages. The application also has the ability to read conversations out loud for individuals with literacy challenges, “enabling that Spanish speaking mom or that Vietnamese speaking father the ability to reach out to their child’s teacher just the way that a parent that speaks English could,” according to Matt Hausmann, Chief Marketing Officer of SchoolCNXT.