According to Veracode, traditional on-premise tools are inadequate, often inaccurate and unreliable, creating a reputation for returning high false positive rates.
It's against this background that Veracode has developed what it claims is a complete cloud-based application security service.
Under the enhanced SecurityReview service, clients get access to an automated static binary and dynamic web application testing facility that allows companies to upload applications automatically and download line-of-code specific vulnerability identification plus remediation instructions.
Over at Bloor Research, Nigel Stanley, the research firm's head of security analysis, said that, by integrating cloud-based testing capabilities directly into tools that are part of a developer's everyday life, Veracode is completing the 'last mile' needed to deliver the advantages of both static and dynamic cloud-based security testing into an on-premise development environment.
"It's one of the few really useful examples of the cloud that I have seen and the potential is clear: more secure code for substantially less developer effort", he said.
Jon Stevenson, Veracode's vice president of engineering, meanwhile, said that, until now, developers responsible for incorporating security testing into their development lifecycles have had two options - on-premise tools with high false positive rates, or manual third-party penetration testing that can be both time consuming and costly.
"With this announcement, we are truly offering developers the best of all worlds - the integration advantages that on-premise tools have sometimes delivered plus the benefits of an expert security partner", he said.