Author: [email protected] (hgoslin)

Veracode has been recognized in a report Forrester Research recently released, The Forrester Wave™: Software Composition Analysis, Q3 2021. The report helps security professionals select a software composition analysis (SCA) vendor that best fits their…

IT workloads are increasingly moving to the cloud, changing the way organizations develop and deliver software. Deploying and running production systems is now separate from the hardware and network, infrastructure is defined through code, and operatio…

As a result of the Covid-19 pandemic, organizations in all industries ramped up their digital transformation efforts to make online operations easier for their employees and customers. But with more and more organizations online, the digital attack sur…

We recently published a special open source edition of our annual State of Software Security (SOSS) report. The State of Software Security v11: Open Source Edition analyzed the data collected from 13 million scans of more than 86,000 repositories, cont…

The Biden administration released a new executive order for cybersecurity on May 12, 2021. Although many know the overarching message of the executive order, it’s also important to know the specific details outlined in each section. As our CEO Sam King…

In today’s digital world, we practically live on our phones or computers. Chances are, you don’t go more than 15 minutes without checking your email or social media. And you probably get most of your news from the Internet.
But how do you know what inf…

In today’s digital world, we practically live on our phones or computers. Chances are, you don’t go more than 15 minutes without checking your email or social media. And you probably get most of your news from the Internet.
But how do you know what inf…

Chris Wysopal, Co-Founder and CTO at Veracode, and Joshua Corman, Chief Strategist of Healthcare and COVID at CISA, presented at the 2021 RSA Conference on AppSec’s future and the need for a new Chief Product Security Officer (CPSO) role.
Wysopal start…

Chris Wysopal, Veracode Co-Founder and CTO, recently sat down with Tom Field, ISMG Senior Vice President of Editorial, for an executive interview at the RSA Conference 2021 to discuss if digital transformations are making application security (AppSec) …

Chris Wysopal, Veracode Co-Founder and CTO, recently sat down with Tom Field, ISMG Senior Vice President of Editorial, for an executive interview at the RSA Conference 2021 to discuss if digital transformations are making application security (AppSec) …

Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world.
Despite …

The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you c…

All security flaws should be fixed, right? In an ideal world, yes, all security flaws should be fixed as soon as they???re discovered. But for most organizations, fixing all security flaws isn???t feasible.
A practical step your organization can ??? an…

To achieve DevSecOps you need to shift security left. Sounds simple, right? Well, it???s easier said than done.
A recent survey conducted by SANS Institute found that 74 percent of organizations are deploying software changes more than once per month ?…

Over the past several years, an increasing amount of organizations have been moving their applications from on-premises to cloud-hosted platforms. And with the current pandemic forcing most businesses to adopt a fully remote work environment, the cloud…

As a result of the worldwide pandemic, technology companies were forced to pivot to fully remote operations.ﾂ?For many organizations, this meant accelerating their digital transformation efforts.
But despite the investment in digital transformation eff…

The past 12 months have been especially challenging for the manufacturing industry. The pandemic affected in-person manufacturing jobs as well as supply and demand, causing many manufacturing companies to shut their doors or lay off valuable employees….

When it comes to securing your applications, it???s not unusual to only consider the risks from your first-party code. But if you???re solely considering your own code, then your attack surface is likely bigger than you think.
Our recent State of Softw…

In light of the current pandemic, our healthcare industry has been challenged like never before. Healthcare workers heroically stepped up to the plate, caring for those in need, while the industry itself digitally transformed to keep up with the influx…

The gold standard for creating an application security (AppSec) program is ??? and always will be ??? to follow best practices. By following preestablished and proven methods, you can ensure that you are maximizing the benefits of your AppSec program.
…

Over the past year, the retail and hospitality industries have been forced to adapt to the ???new normal.??? Since lockdowns and health concerns have prevented or dissuaded in-person shopping or dining, the new normal has been e-commerce. Smaller busin…

Software is becoming an increasingly pivotal part of modern business and society. In turn, consumers have come to expect instant gratification. This has driven businesses to concentrate on innovation and speed to market. Businesses that can???t keep up…

TrustRadius recently awarded Veracode with a 2021 Best Application Security Feature Set Award and Best Application Security Customer Support Award. These honors are given to companies that have gone above and beyond to delight their users.
To win the B…

Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite th…

For this year???s State of Software Security v11 (SOSS) report, we examined how both the ???nature??? of applications and how we ???nurture??? them contribute to the time it takes to close out a security flaw. We found that the ???nature??? of applicat…

Veracode CEO Sam King says that security can???t be successful, and in fact will become a blocker, if it operates in a silo. She recently sat down for a fireside chat with Mahi Dontamsetti, State Street CTRO, and Jim Routh, MassMutual CISO, to share he…

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It???s important to look at the various types of flaws present in applications so that application security (AppSec) team…

It???s been a stressful year, to say the least, for the government and education sector. Government organizations were challenged with pivoting their operations to a digital model while schools were forced to decide between hybrid or remote learning pr…

In our first blog in this series, Nature vs. Nurture Tip 1: Useﾂ?SAST With DAST, we discussed how this year???s State of Software Security (SOSS) report looked at how both ???nature??? and ???nurture??? contribute to the time it takes to close out a se…

When conducting research for this year???s State of Software Security report, we looked at how ???nature??? and ???nurture??? contribute to the time it takes to close out a security flaw. For the ???nature??? side, we looked at attributes that we canno…

As a security professional reading through version 11 of our State of Software Security (SOSS) report, the first statistic that probably stands out to you is that 76 percent of applications have security flaws. It???s encouraging to see that only 24 pe…

Last year, the PCI Security Standards Council published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard as a part of a new PCI Software Security Framework (SSF), also referred to as PCI S3. The SSF offers ob…

Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11…

Veracode???s Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ES…

Veracode has been officially recognized by Gartner Peer Insights as a 2020 Customers??? Choice for Application Security Testing. The report includes Veracode???s aggregate score of 4.6 out of 5 stars out of 95 independent customer reviews (as of July 3…

October is cybersecurity awareness month, and this year, the overarching theme is ???Do Your Part. #BeCyberSmart.??? When considering what ???cybersmart??? means in application security, we realized we unearthed some data this year that made us a littl…

Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their c…

When investing in an application security (AppSec) program, you expect to see a return on your investment. But in order to recognize a return, your organization needs to determine what success looks like and find a way to measure and prove that the pro…

Technology is constantly changing and advancing. Payment platforms are no exception. As these new platforms emerge, the software supporting the platform must be reliable and secure. Without secure payment platforms, payment transactions and data could …

When it comes to application security (AppSec), it???s important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs ??? so it???s necessary to employ a mix …

In light of the current pandemic, most organizations will be working remotely for the foreseeable future. But the increase in virtual operations has led to a higher volume of cyberattacks.

Now, more than ever, it???s vital that your organization is ar…

Veracode recently sponsored Enterprise Strategy Group???s (ESG) survey of 378 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, a…