TechValidate Research on Secure Code Warrior®

Introduction

This case study of Oracle NetSuite is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service.

Challenges

The business challenges that led Oracle NetSuite to evaluate and ultimately select Secure Code Warrior®:

• Existing training was not interactive, contextual, or engaging for the development teams
• There was no way to effectively assess and benchmark a developer’s secure coding knowledge
• The struggle to identify and target skills/knowledge gaps in our team and build a program to address them

Use Case

• Prior to using Secure Code Warrior®, NetSuite was using internal employee training to educate its employees on secure coding. According to feedback from developers it was found that existing training was not interactive, contextual or engaging. It was also difficulty to assess a developers skill level and identify gaps in developer knowledge and skill.

Results

The Oracle NetSuite achieved the following results with Secure Code Warrior® Learning Platform:

• An increase in time spent by developers in training and eagerness to learn about secure coding
• Tournaments increase awareness
• Provides better education outcomes for my developers with a range of learning options and experiences
• Since implementing Secure Code Warrior, said they have accomplished the following:
  • Been able to effectively benchmark developer’s secure coding knowledge
  • The team is releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.
  • Reduced/eliminated between 1% – 10% of common code vulnerabilities that were present in our code.

Introduction

This case study of a medium enterprise healthcare company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

• Existing training was not interactive, contextual, or engaging
• Existing training lacked relevance to everyday tasks their developers had to do
• The struggle to identify and target skills/knowledge gaps in our team and build a program to address them
• Difficulty to get everyone in the business onboard and engaged about Application Security and organization-wide awareness was poor

Use Case

*Prior to using Secure Code Warrior, the organization was using generic computer-based training solutions e.g Udemy, Pluralsight, LinkedIn Learning to train its employees on secure coding. Feedback from developers revealed that this form of training was not interactive, not contextual, or unengaging. It also lacked relevance to everyday tasks their developers had to do. Team managers found it difficult to identify and target gaps in developer skills and knowledge. The organization also found it a challenge to engage the rest of the company and improve organization-wide awareness regarding secure coding and application security.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

• A cyber first organization that cares deeply about security
• Better quality code
• Fewer recurring vulnerabilities
• An increase in time spent by developers in training and eagerness to learn about secure coding
• Provides better education outcomes for my developers with a range of learning options and experiences
• Since implementing Secure Code Warrior, said they have accomplished the following:
  • Been able to effectively benchmark developer’s secure coding knowledge
  • Targeted skills/knowledge gaps in their team and build a program to address them
  • Said their team is releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.

Introduction

This case study of a medium enterprise energy & utilities company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

• There was no way to effectively assess and benchmark a developer’s secure coding knowledge
• The struggle to identify and target skills/knowledge gaps in our team and build a program to address them
• Difficulty to get everyone in the business on board and engaged about Application Security and organization-wide awareness was poor

Use Case

• Prior to using Secure Code Warrior the organization was using internal employee training to train its developers on secure coding, this resulted in low organizational awareness in secure software practices, limited understanding of the teams skill-set and knowledge, and no way to effectively assess and benchmark their teams’ skills.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

• An increase in time spent by developers in training and eagerness to learn about secure coding
• Higher engagement from everyone in the organization, to be part of the solution
• Provides better education outcomes for my developers with a range of learning options and experiences
• Since implementing Secure Code Warrior, said they have accomplished the following:
  • Been able to effectively benchmark developer’s secure coding knowledge
  • Targeted skills/knowledge gaps in their team and build a program to address them

Introduction

This case study of a Fortune 500 financial services company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Secure Code Warrior®:

• Existing training was not interactive, contextual, or engaging

Use Case

• Prior to using Secure Code Warrior the organization was using a generic computer-based training solution to train its employees on secure coding. Feedback from their developers revealed that this form training was not interactive, contextual or engaging.

Results

The surveyed company achieved the following results with Secure Code Warrior®:

• Fewer recurring vulnerabilities
• Since implementing Secure Code Warrior, they have accomplished the following:
  • Target skills and knowledge gaps in their team and build a program to address them
  • Releasing code at about the same speed, but with fewer vulnerabilities and rework due to better quality code, with fewer recurring flaws.

As a result of using Secure Code Warrior, reduced/eliminated between 11% – 20% of common code vulnerabilities that were present in their code.

Introduction

This case study of a Fortune 500 automotive & transport company is based on a November 2020 survey of Secure Code Warrior® customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Challenges

The business challenges that led this fortune 500 company to evaluate and ultimately select Secure Code Warrior® were:

• Difficulty to demonstrate developer training attendance, concept retention, and competence for effective compliance training management
• There was no way to effectively assess and benchmark a developer’s secure coding knowledge

Use Case

• Prior to using Secure Code Warrior the organization was using Security Innovation to train its developers on secure coding. According to feedback from the program administrators, it was difficult to benchmark developers’ secure coding knowledge; retention of knowledge, engagement, and overall competency.

Results

The company achieved the following results with Secure Code Warrior®:

• Better quality code
• Fewer recurring vulnerabilities
• Increased awareness, with Tournaments
• Provided better educational outcomes for my developers with a range of learning options and experiences
• Since implementing Secure Code Warrior, they have accomplished the following:
  • Been able to effectively benchmark developer’s secure coding knowledge
  • Targeted skills/knowledge gaps in their team and build a program to address them
  • Releasing code at a significant rate with fewer vulnerabilities and rework due to better quality code, with fewer recurring vulnerabilities.
  • As a result of using Secure Code Warrior, reduced/eliminated between 21% – 30% of common code vulnerabilities that were present in our code.