California Department of Technology Application Security Program

This document is a case study detailing the California Department of Technology's (CDT) implementation of an application security (AppSec) program with the assistance of Veracode. The CDT manages software for the State of California, including the maintenance of the www.ca.gov site, which serves millions of residents and visitors. The case study outlines the challenges faced by CDT, including the need for a unified security process across its teams and compliance with stringent regulatory requirements. CDT chose Veracode for its ability to provide a scalable and easy-to-implement AppSec solution. The document describes the implementation of Veracode's Static Analysis and IDE Scan, which helps developers write secure code early in the development process. The results section highlights improvements in secure coding practices, reduced rework costs, and faster time to market for software deployments. CDT aims to serve as a model for other California agencies in adopting AppSec solutions to enhance security and efficiency.