Veracode Secures StateRAMP Authorization to Protect State and Local Cybersecurity

Cloud-based Platform Exposes Vulnerabilities to Help Improve Reliability of Public Sector Software

BURLINGTON, Mass. – May 1, 2023 – Veracode, a leading provider of intelligent software security solutions, today announced its attainment of State Risk and Authorization Management Program (StateRAMP).

StateRAMP offers state and local government agencies a standardized approach toward compliance to help them improve their overall security posture. Veracode obtained FedRAMP authorization in July 2022, and this week’s authorization by StateRAMP reaffirms the company’s commitment to deliver cloud-based application security software to agencies at all levels of government—federal, state, and local.

“High-profile attacks and vulnerabilities are significantly impacting the software supply chain across industries, and state and local government is no different,” said Claire Bailey, Regional Vice President of Governmental Affairs at Veracode. “Agencies need capabilities that allow them to protect the application layer. This authorization enables Veracode to support evolving state and local government security requirements. We look forward to assisting the StateRAMP mission of improving the cyber posture of public institutions and the citizens they serve.”

Veracode’s intelligent software security platform provides comprehensive application-layer protection to reduce risk in today’s dynamic threat environment. The platform supports a range of current and emerging cybersecurity requirements and best practices, including:

• Securing the software supply chain through capabilities such as the generation of a Software Bills of Materials (SBOM), which provides visibility into the open-source code components that are contained in a software product
• Integrating security into software development from the beginning of the process (‘shifting left’)
• Providing a developer-friendly user experience to integrate security into the software development life cycle
• Supporting cloud-native development and managing risk across the application portfolio
• Uniting security and development teams to address cybersecurity challenges

The StateRAMP authorization enables Veracode to support state and local agencies’ cybersecurity initiatives at a time of increased risk. A shortage of skilled IT security professionals has depleted the security teams of many state agencies, and Chief Information Security Officers report risks arising from persistent malware, ransomware, and phishing attempts, according to a recent National Association of State Chief Information Officers (NASCIO) survey.

Veracode’s recent State of Software Security 2023 report revealed that, over the last 12 months, more than 74 percent of applications contained at least one security flaw. Due to variation in the types of flaws that compromise application security, security teams should use a variety of scan types to discover elusive flaws.

Bailey added, “Security teams should have confidence in the options available to secure their cyber infrastructure and make their digital landscape a safer place overall. StateRAMP makes this goal much more attainable for state and local agencies. Veracode’s platform provides a single view of an organization’s security posture and compliance via powerful reporting and analytics, restoring confidence in the digital infrastructure of agencies.”

State and local agencies can access Veracode’s comprehensive software security platform—including static analysis, software composition analysis (SCA), dynamic analysis, pipeline scanning, eLearning, container scanning, API scanning, and infrastructure as code (IaC) scanning—on the StateRAMP Marketplace.