bugScout® works with the early detection of security vulnerabilities in software audits or continuous integration.

About Sabesp

Sabesp is a company that provides water and waste collection services in the State of São Paulo. Sabesp’s services reach 27.7 million people with water supply and more than 21.4 million people with sewage collection.

The challenge

Diagnose security and development problems in applications, with a monthly volume of more than 30 million lines.

The solution

bugScout® started the culture of safe development and code quality in 2014 at Sabesp, with the implementation of the platform. The applied Solution submits its own and third party systems to source code analysis to detect vulnerabilities; teams gained productivity after applications went through targeted corrections.

The solution allows the automation of the DevOps treadmill, the analysis of vulnerabilities and quality in the source code in an automated way, bringing complete results to correct the occurrences.

“The work is done by sampling, to reduce time and investment, and later on throughout the application. Suppliers are informed about the tests even before hiring and are then instructed to make the necessary corrections. The analysis of the entire source code of the application follows the pattern of use of these systems within the company ”, explains Daniel Bocalão, manager of the connectivity and information security department at Sabesp.

More than 200 applications were analyzed, a monthly volume of more than 30 million lines.

“We noticed a very big increase in productivity after the applications went through the corrections guided by bugScout®”, says Bocalão.

What do our customers tell us?

“With bugScout’s managed services for application security, we increase the efficiency of our work, which allows us to comply with the company’s Information Security Master Plan,” says Daniel Bocalão, manager of connectivity and information security department at Sabesp .

The executive also reports that changes also occur in procedures related to internal development and the acquisition of software in the market, with a new item being added to the notices, stating that any contracted solution will have to pass through bugScout®.

“This also affected the software industry, whether the supplier is recognized for its quality or not. He will also go through this. In the end, we realized this whole process is good for Sabesp and for the manufacturer, who can improve their products for the market ”, he details.

Follow in the media:



Sabesp avança em Segurança por meio de Serviços Gerenciados