What is our primary use case?
The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution.
Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it. Then, we looked at the customer environment, different use cases, the client, and all those kinds of things. We started scanning a few of their applications, getting results, some eye-openers, and identifying critical assets. It's a continuous process, a three-year project, involving continuous security assessment across more than 300 applications. So, my tool, Code Dx, scans all these different applications, revealing design reserves, and it's part of a continuous improvement plan.
What is most valuable?
Code Dx is in the DevOps part of it. It helps us significantly. We work with security stakeholders, and DevOps consultants, and define a framework. We roll out that CRM works like a blueprint to all these stakeholders—developers and IT engineers—so that they follow it every time. When onboarding a new application, they need to perform all these prechecks to ensure safe onboarding. All these aspects are part of it.
What needs improvement?
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.
For how long have I used the solution?
I've been associated with this particular vendor for the last two years, but I've been in the security products and services industry for quite some time.
I provide the latest version of this solution.
What do I think about the stability of the solution?
It is a stable solution. I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten. And the reason is, they are the leaders in the market, Gartner leaders, so they have come a long way. They have done a lot of R&D. So everything is futuristic and scalable. So I would definitely rate it eight plus.
Moreover, the solution is basically for medium enterprises and big organizations. Multiple group companies are the ideal customer base for this solution. It doesn't cater to the SMB or SMB market.
How are customer service and support?
There are areas of improvement in customer service and support. It has to be more regional-specifc and require more people on the ground.
How would you rate customer service and support?
How was the initial setup?
I would rate my experience with the initial setup a seven out of ten, where one is difficult to set up and ten is easy. It's challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody.
So, price is also something that I would like to improve.
What other advice do I have?
I would advise proper planning in terms of adapting to their use cases is something that you need to be aware of. There should be an internal stakeholder who understands why you want this solution. So that makes the full utilization of this particular technology. Just like there should be a need for this solution, then only, you can see the full value of this particular product.
Overall, I would rate the solution a nine out of ten.
