Case Study: The Depository Trust & Clearing Corporation achieves holistic application risk visibility and 10x reduction in developer security time with Brinqa

Using Brinqa to Improve Application Security and Reduce Risk

The Depository Trust & Clearing Corporation (DTCC), a Fortune 500 financial services firm that provides clearing and settlement services, faced a growing application security challenge: thousands of internally developed and third‑party applications, 300+ developers producing 500–1,000 builds a day, and no consistent way to quantify or compare application risk across the SDLC. Tool‑centric security (multiple AST tools like Fortify, Burp, Nexis) slowed development and forced developers to log into many systems, so DTCC engaged Brinqa and its Brinqa Risk Analytics platform to create a unified, quantifiable approach to application risk (DTCC’s DAVS scoring initiative).

Brinqa implemented its Risk Analytics solution to ingest and correlate data from SAST, pen tests, FOSS scans, GRC and asset systems, applied CWSS‑based prioritization and risk evaluation gates in DTCC’s CI/CD pipeline, and delivered a single console for executives, app owners and developers. The Brinqa deployment enabled real‑time business risk decisions, produced a holistic view of application risk, and drove concrete gains — a 10x reduction in developer time spent in security tools, an 85% drop in monthly security team reporting time, and faster, environment‑aware remediation prioritization.

Depository Trust & Clearing Corporation