Security Analyst at a tech services company with 11-50 employees
Reseller
Top 20
2023-08-31T07:43:00Z
Aug 31, 2023
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
Chief Software Architect at a tech services company with 51-200 employees
Real User
Top 20
2023-08-25T13:38:00Z
Aug 25, 2023
I found Veracode very expensive, though I'm not the person paying for it. I was surprised to find out how much the subscription costs and that the executive board approved it, but it was a no-brainer because now my company has better security scans. What I can tell others looking into Veracode but concerned about its price is that the price or cost is justified. After all, you can tell potential clients that your software is better than competitor software because you're scanning it and Veracode-verified. The verification levels of Veracode are essential because you can use Veracode to start climbing up the ladder to say that your software's even more secure than anybody else because it achieved this level of verification. In terms of Veracode reducing the cost of DevSecOps in our company, we find that tough to determine because we never had a real concentration on DevSecOps before Veracode. It was forced on us by the fact that the industry was becoming more vulnerable, so now we are experiencing an increase in price in DevSecOps because we're paying attention to it now. We used to skate by and weren't affected by vulnerabilities. Still, because the industry had more vulnerabilities, our customers asked if we were scanning our software, so we had to find a solution and add DevSecOps to address industry needs.
The pricing is expensive. However, if you have applications and not enough people to analyze the flags, you must use Veracode as it delivers very few false positives.
Executive Director at Precise Financial Systems Limited
Real User
Top 10
2023-08-11T15:16:00Z
Aug 11, 2023
The cost of Veracode is high. There comes a point when we must make a decision between cost and quality, and we chose to prioritize quality by selecting Veracode. The confidence that Veracode instills in both our developers and clients justifies the associated cost. We have four solution licenses for the static analysis scans.
We are not using the licensing much because we have a strict internal licensing policy. We mostly avoid GPL licenses and their flavors. Managing the licenses can be tricky. Sometimes you add a library and build some functionality around it, so it may cause some problems to remove it from its source. Cost is an issue at every stage because you need to evaluate what you're spending and what you expect from the project. You should use common sense and clearly understand the pros and cons. It's hard to say whether the solution is cheap or expensive because it depends on your company's needs. Some companies need Veracode for compliance requirements, and it doesn't matter how expensive it is. It's costly, but it's the best in the industry. You can get something that does the job but it's like a car. You might buy a clunker for a few hundred dollars or an Infiniti for a hundred thousand.
Product Marketer at a media company with 1,001-5,000 employees
Real User
Top 5
2023-07-10T07:19:00Z
Jul 10, 2023
The pricing is fair. We are planning to renew for the next year. It's definitely value for money. I would tell someone who is looking at Veracode not to be concerned about the pricing because the value that they will get, for this price, in the market, is very good when it comes to their long-term plans.
The commercial guys take care of the pricing, it's not something I'm involved in. But the licensing is simple. The SAST product has some rules that some customers have found a little confusing, but overall, the licensing is simple.
Security Lead at a retailer with 10,001+ employees
Real User
Top 10
2023-05-19T13:46:00Z
May 19, 2023
Aside from the standard licensing fees, we also have to pay for a competent Success Manager. We initially received a favorable deal in the first year, presumably to secure our business, but we have since observed a gradual annual increase in costs. I would definitely recommend having a Success Manager in the first year. Once the teams become more mature, companies like Synopsys, Veracode, Checkmarx, and others are large enough to offer competitive deals if they are interested in our business. For small businesses, using open source tools would be worth considering. With Veracode, we pay for the research they have conducted and have gained a deep understanding of various flaws. Their risk rating aligns well with our requirements, which is beneficial. We rely on this tool and find it fantastic from a data perspective. The data provided has greatly assisted us in our strategic decision-making.
Veracode's price is reasonable because of the value it offers. If you don't catch bad code before it goes into production, you have to spend money to rework it, and a security failure in your product can cost your company. We think it's worth what we pay. It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount.
We can afford Veracode, but it's too expensive for small enterprises. If you're concerned about the price, you should weigh the benefits you can achieve. It has saved us a lot of money on DevOps. We save about $500 a month by not outsourcing this work to experts.
Veracode's price is reasonable. It depends on your goals for the solution and the size of your company. It's affordable in our case. However, it might be too expensive for smaller companies without a large budget or a significant market for their products. The licensing model is transparent. They don't license their products per module. You get all the modules for one annual license. Veracode's price isn't so high if your goal is to save time while delivering secure, stable, and compliant products to your client. It might be hard for a startup to justify the cost if they haven't been in the industry for long and can't predict the size of their customer base a year from now. You should consider the market and what you hope to achieve using Veracode.
The pricing and licensing are reasonable, and relatively straightforward, and different licensing and subscription models are available. To someone considering Veracode but concerned about the price, it can be a challenge for small and mid-sized organizations, but it's a good choice for larger enterprises. If security is a primary concern for any organization, they should consider Veracode; they won't be disappointed.
When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project. Make sure that you're comparing apples to apples if you're concerned about the price of Veracode versus what you're reviewing. Some of the stuff that Veracode does and applies is not the same for other services. When I really compared apples to apples, I found Veracode to be rightly priced. There were no costs in addition to the standard licensing fees, although we just signed up for a couple of other products.
Security Engineer at a comms service provider with 10,001+ employees
Real User
Top 10
2023-01-09T23:33:00Z
Jan 9, 2023
They have made it worth the price with the kind of discount and the kinds of modifications they made for us with regard to licensing. Previously, it was per profile. But they have adjusted according to our requirements because we are a big company and we handle a lot of applications. There's a tiered discount that they have provided us, so the cost is justified. If someone looking at Veracode is concerned about the price, it depends on their requirements. I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing. Obviously, there are other cutting-edge solutions that have become available recently, but Veracode is something that a big organization should look at.
Senior Software Engineer at a tech vendor with 11-50 employees
Real User
2022-12-02T19:58:00Z
Dec 2, 2022
The price is reasonable and affordable for a small company like ours. Veracode provides a lot of features. You can purchase some additional tools. For example, we are currently testing software composition analysis. We discussed adding that to our standard package.
Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive. There is also a fee for the support package, which I think is extremely expensive. We used to have the premium support and we didn't use most of it, so we're downgrading to the basic support, and even the basic support is expensive.
Senior Director, Quality Engineering at Everbridge
Real User
2022-06-06T14:54:33Z
Jun 6, 2022
Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able to add and remove microservices and scale them that way. The pricing is solid. I think the current consolidated pricing that we have is pretty consistent every year.
Sr. Partner IT and Information Security at themathcompany
Real User
2022-04-27T08:20:00Z
Apr 27, 2022
The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us. It's an expensive product but we are paying for quality.
From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately. I like that the platform provides you with some flexibility. We had to revise our licensing because it did not fit our environment. We wanted to license based on the number of applications, rather than another measure such as the number of lines of code. There was clearly some complexity that led us to be in that situation, although it seems preventable. Ever since our last renewal, the licensing has been smooth and clear. There is a certain amount of flexibility in that regard but also, they allow us some leeway in our current model. There have been times when for some reason, we spin up a new application on a temporary basis. It may be because we're trying a new configuration. Even though we're licensed for a certain number of applications, the platform lets us exceed that. Consequently, we receive an email stating that we can't do that forever, but it's very useful to have the flexibility for the couple of times that we've used it to briefly exceed the application account.
I don't have enough information to be able to comment on the cost of licensing the product. That's more of a sales question. I don't handle any aspect of that part of the solution.
The pricing for qualified startups such as Neo4j could be improved. It allows startups to develop a secure product, but it takes time for startups to get money for the products. Veracode could provide the services, at a significantly lower price during that period with a condition that the moment that it becomes production, Veracode has to be paid. If they would change that, it would be phenomenal for the entire industry and for them. Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward.
Head Of Information Security at a media company with 51-200 employees
Real User
2020-11-11T08:18:00Z
Nov 11, 2020
The pricing is really fair compared to a lot of other tools on the market. It's not like a typical SaaS offering. Let's say you got SaaS software from G Suite. You're going to get Google Docs and Google Drive and Google Sheets, etc. It's going to be the same for everybody. But in Veracode, it's not. You buy a license for specific kinds of scanners. I had two licenses for static analysis scanners and one license for a dynamic analysis scanner.
Principal for the Application Security Program and Access Control at an engineering company with 10,001+ employees
Real User
2020-11-09T08:11:00Z
Nov 9, 2020
It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent. We bought the product for its expected benefits, in terms of all the bells and whistles that we saw during the sales cycle. When it came time to really implement it, that is where we have been having buyer's remorse.
I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good. It's just a good product, overall.
Sr. Security Architect at a financial services firm with 10,001+ employees
Real User
2020-05-28T18:19:00Z
May 28, 2020
For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization.
Managing Principal Consultant at a tech vendor with 11-50 employees
Real User
2019-06-11T11:10:00Z
Jun 11, 2019
This solution is on the pricey side. They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey.
They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works. We are in negotiations with Veracode. The old model was about $500 for dynamic analysis and about $4500 for the static analysis, per app or service, per year. Veracode offers a lot of other license options that you can put on top of what we just discussed, but I don't think we ever looked into any of those. The way we implemented it was very straightforward. You have your app and you pay this much for both dynamic and static licensing. That's all we cared about per year.
AVP, IS Manager at a financial services firm with 1,001-5,000 employees
Real User
2018-11-12T09:12:00Z
Nov 12, 2018
We are about to enter discussions for renewal. I have heard there may be some changes to pricing. I will reserve judgment until the discussions are complete.
Chief Information Security Officer with 501-1,000 employees
Real User
2018-11-01T11:57:00Z
Nov 1, 2018
We're always looking to save the taxpayers' money. I used to tell my vendors, sharpen those pencils and make the tip laser-sharp. When it can be, I want it to be less expensive, but you get what you pay for too. Vendors need to be fair and I think Veracode has been fair. We use their SaaS solution and it's just an annual subscription.
It is pricey. There is a lot of value in the product, but it is a costly tool. The customer should demand better turnaround times for the money that they are paying, especially around the reporting and standing up processes that we need to go through. It needs much more technical information on the platform with a tool that can help with information or have 24/7 support available, then it will be worth the price that we are paying, because right now, we don't have many options. There are not many companies who are in the market for Veracode, who want this type of in-depth analysis and examination. That is why customers, with the money that they are paying, have room for improvement in the scope of the Veracode product. I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turnaround time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms. I suggest just not to get tied up with a long-term commitment, because I have seen with Black Duck that they are almost one-third of the price of the big platforms. Once there are the same features and functionality (or lot better performance) available in the market, people are going to migrate away from this platform. The market is changing so fast, and with the Black Duck acquisition, it is also expected that we may get a solution with a much faster platform with much better service at a cheaper price.
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
Real User
2018-05-02T07:27:00Z
May 2, 2018
I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others. Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money. You really need to understand how your application is going to be delivered and not think of it just as, "This is a website and this is a mobile app," or "This is a website and this is a fat client." Often, with new frameworks, you have websites - especially with Java specifically, which is not even a new framework - running Java, but you also have things running in a local Java sandbox on the machine, or on a Java virtual machine. You really want to understand how that application is being delivered to the end-user, and not just think of it as applications on a box and websites.
Director Security and Risk OMNI Cloud Operations at Manhattan Associates
Real User
2018-04-12T05:42:00Z
Apr 12, 2018
We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily. I'd say many customers might not quite go to that level. But that's their choice.
If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price.
Information Security Lead Analyst at a consumer goods company with 10,001+ employees
Real User
2018-03-20T11:53:00Z
Mar 20, 2018
I'm not the pricing guy. Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.
I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. About licensing, just go ahead and get them. Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code.
Information Technology at an insurance company with 51-200 employees
Real User
2018-03-14T08:56:00Z
Mar 14, 2018
The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was. The licensing is fair, it is time-limited (e.g. one year) but there is a size cap for every app. If your applications are big (due to third-party libraries, for example) you should discuss this beforehand and explore suitable agreements.
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
Real User
2018-03-13T06:59:00Z
Mar 13, 2018
Just do your research. Make sure you're getting the best price on this. It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in. Then just see if it can work. Try and make sure you get the best price possible.
Director Software Engineering at a tech services company with 51-200 employees
Real User
2018-03-07T09:02:00Z
Mar 7, 2018
I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis...
Veracode's price is reasonable.
We pay based on the number of developers working on a particular project.
Veracode is expensive.
Veracode provides value for the cost, with no additional charges apart from the standard licensing fee.
Veracode's pricing is on the higher end, but it is acceptable.
The licensing cost for Veracode is fair.
My advice to anyone considering Veracode will be to negotiate with the team directly and define what constitutes an additional application.
I was impressed with the pricing we got from Veracode. I was able to make it work very well within our budget.
From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately. I like that the platform provides you with some flexibility. We had to revise our licensing because it did not fit our environment. We wanted to license based on the number of applications, rather than another measure such as the number of lines of code. There was clearly some complexity that led us to be in that situation, although it seems preventable. Ever since our last renewal, the licensing has been smooth and clear. There is a certain amount of flexibility in that regard but also, they allow us some leeway in our current model. There have been times when for some reason, we spin up a new application on a temporary basis. It may be because we're trying a new configuration. Even though we're licensed for a certain number of applications, the platform lets us exceed that. Consequently, we receive an email stating that we can't do that forever, but it's very useful to have the flexibility for the couple of times that we've used it to briefly exceed the application account.
Veracode is very, very expensive, one of the most expensive security scanning tools available. We pay an annual license fee that is over $1 million.
I don't have enough information to be able to comment on the cost of licensing the product. That's more of a sales question. I don't handle any aspect of that part of the solution.
The pricing for qualified startups such as Neo4j could be improved. It allows startups to develop a secure product, but it takes time for startups to get money for the products. Veracode could provide the services at a significantly lower price during that period, with a condition that the moment that it becomes production, Veracode has to be paid. If they would change that, it would be phenomenal for the entire industry and for them. Licensing cost is on a yearly basis and there are no additional costs; the pricing is straightforward.
The pricing is quite standard. It's not cheaper, it's not more expensive.
The pricing is really fair compared to a lot of other tools on the market. It's not like a typical SaaS offering. Let's say you got SaaS software from G Suite. You're going to get Google Docs and Google Drive and Google Sheets, etc. It's going to be the same for everybody. But in Veracode, it's not. You buy a license for specific kinds of scanners. I had two licenses for static analysis scanners and one license for a dynamic analysis scanner.
If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount.
It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent. We bought the product for its expected benefits, in terms of all the bells and whistles that we saw during the sales cycle. When it came time to really implement it, that is where we have been having buyer's remorse.
The solution is very pricey.
In addition to the standard licensing fees there's a support cost and an implementation cost at the beginning.
Veracode's price is high. I would like them to better optimize their pricing.
I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good. It's just a good product, overall.
For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization.
This solution is on the pricey side. They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey.
They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works. We are in negotiations with Veracode. The old model was about $500 for dynamic analysis and about $4500 for the static analysis, per app or service, per year. Veracode offers a lot of other license options that you can put on top of what we just discussed, but I don't think we ever looked into any of those. The way we implemented it was very straightforward. You have your app and you pay this much for both dynamic and static licensing. That's all we cared about per year.
We are about to enter discussions for renewal. I have heard there may be some changes to pricing. I will reserve judgment until the discussions are complete.
No issues, the pricing seems reasonable.
We're always looking to save the taxpayers' money. I used to tell my vendors, sharpen those pencils and make the tip laser-sharp. When it can be, I want it to be less expensive, but you get what you pay for too. Vendors need to be fair and I think Veracode has been fair. We use their SaaS solution and it's just an annual subscription.
It is pricey. There is a lot of value in the product, but it is a costly tool. The customer should demand better turnaround times for the money that they are paying, especially around the reporting and standing up processes that we need to go through. It needs much more technical information on the platform with a tool that can help with information or have 24/7 support available, then it will be worth the price that we are paying, because right now, we don't have many options. There are not many companies who are in the market for Veracode, who want this type of in-depth analysis and examination. That is why customers, with the money that they are paying, have room for improvement in the scope of the Veracode product. I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turnaround time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms. I suggest just not to get tied up with a long-term commitment, because I have seen with Black Duck that they are almost one-third of the price of the big platforms. Once there are the same features and functionality (or lot better performance) available in the market, people are going to migrate away from this platform. The market is changing so fast, and with the Black Duck acquisition, it is also expected that we may get a solution with a much faster platform with much better service at a cheaper price.
Negotiate for the best deal.
The pricing is good for static code analysis.
Costs are reasonable. No special infrastructure is required and the license model is good.
I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others. Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money. You really need to understand how your application is going to be delivered and not think of it just as, "This is a website and this is a mobile app," or "This is a website and this is a fat client." Often, with new frameworks, you have websites - especially with Java specifically, which is not even a new framework - running Java, but you also have things running in a local Java sandbox on the machine, or on a Java virtual machine. You really want to understand how that application is being delivered to the end-user, and not just think of it as applications on a box and websites.
We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily. I'd say many customers might not quite go to that level. But that's their choice.
We are satisfied.
Negotiate some, but their prices are reasonable.
Pricing/licensing is complicated.
We get good value out of what we have right now.
If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price.
I'm not the pricing guy. Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.
I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. About licensing, just go ahead and get them. Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code.
The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was. The licensing is fair, it is time-limited (e.g. one year) but there is a size cap for every app. If your applications are big (due to third-party libraries, for example) you should discuss this beforehand and explore suitable agreements.
Just do your research. Make sure you're getting the best price on this. It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in. Then just see if it can work. Try and make sure you get the best price possible.
Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need.
Pricing is worth the value.
It's worth the value.
I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform.
The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune.