Beyond Testing: The Human Element of Application Security

Companies of every size and in every industry are changing the world with software. From healthcare to agriculture, education, and manufacturing, software is enabling unprecedented advancement and innovation. But if that software is insecure, these innovations may get held up, or worse, put us at risk. And this is a very real concern; our most recent State of Software Security report found that 83 percent of applications had at least…

October 15, 2019

Making the Case for AppSec? Break Down Your Budget

The bottom line on corporate decision-making comes down to the bottom line. It’s critical to demonstrate value for any new or expanded initiative. Fall short, and your odds of success are greatly diminished. How do you build the financial case for more robust AppSec, when the focus is on the impact to the bottom line? The key is understanding how to effectively design and present a budget that makes sense…

October 10, 2019

Security and Development Agree, Coordinated Disclosures Are a Public Service

Shifting security left so that security testing becomes an integrated part of the development process helps companies improve software security. With software running our world, it is important to empower developers with the tools and processes they need to make security a part of their overall development process. Yet, even with a robust AppSec program that makes security a part of the development process, new vulnerabilities are found all the…

September 18, 2019

Why Are Schools Increasingly Targeted by Cyberattackers?

Schools, including universities, are increasingly becoming cyberattack targets. Just this month, the Monroe-Woodbury school district in Orange County, NY had to delay the start of school due to cyberattacks. And this incident was only one of a handful of cyberattacks on New York state school districts this summer. One school system, Rockville Centre in Nassau County, paid a cyberattacker $88,000 after a ransomware attack shut down the district’s mainframe. And…

September 12, 2019

Discovering Malicious Packages Published on npm

Sightings of malicious packages on popular open source repositories (such as npm and RubyGems) have become increasingly common: just this year, there have been several reported incidents. This method of attack is frighteningly effective given the widespread reach of popular packages, so we’ve started looking into ways to discover malicious packages to hopefully preempt such threats.

The problem

In November 2018, a malicious package named “flatmap-stream” was discovered as a…

September 4, 2019

Veracode Now Available on the Digital Marketplace G-Cloud UK

There is a deepening awareness that cyberthreats can never be eliminated completely, and digital resilience is an absolute necessity – and this is true for both private and public sector organizations and agencies. With this understanding, the UK Government created its G-Cloud Framework, which has transformed the way that public sector organizations can purchase information and communications technology in order to better build secure digital foundations. The program allows public…

August 22, 2019

Introducing the New Veracode Software Composition Analysis

Open source technology empowers developers to make software better, faster, and more efficiently as they push the envelope and delight users with desired features and functionality. This is a trend that is unlikely to fade – at least not in the foreseeable future – and has further fueled our passion for securing the world’s software. This is also why Veracode acquired SourceClear – we had a vision for the impact…

August 19, 2019

As Cyberattacks Increase, So Does the Price of Cybersecurity Professionals

Cyberattacks are on the rise, and companies are noticing. Everyone is scrambling to avoid being the next corporation sweeping news headlines with the words “data breach” attached. As a result, the demand for cybersecurity experts is skyrocketing, but there are a couple of problems. Not only are there not enough cybersecurity experts to fill those roles, but the cybersecurity experts who are out there are demanding a…

August 14, 2019

Live From Black Hat USA: The Inevitable Marriage of DevOps & Security

During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in 2009. If you’re not familiar, the title of said talk was, “10 Deploys Per Day: Dev & Ops Cooperation at…

August 8, 2019