Modern software development is full of security risk. Factors like lingering security debt, insecure open source libraries, and irregular scanning cadences can all impact how many flaws dawdle in your code, leading to higher rates of dangerous bugs in …Read More Are You Targeting These Risky Red Zone Vulnerabilities?
If you caught part one of our recap series on this year’s Collision conference, you know we covered a roundtable talk hosted by Veracode’s own Chris Wysopal. The talk focused on the risks of AI and machine learning, delving into discussions of how …Read More Reporting Live From Collision Conference 2021: Part Two!
This week, Collision (virtually) kicked off its annual conference, bringing together creatives, builders, influencers, innovators, and other great minds to cover some of the hottest topics in business and technology. Known as “America’s fastest-gro…Read More Reporting Live From Collision Conference 2021: Part One!
Year after year, cyberattackers cause unnecessary stress for organizations, disrupting innovation and impacting profit. 2020 was no different – last year brought a bevy of damaging breaches that cost organizations precious money and time they couldn’…Read More The Biggest Breaches and Data Leaks of 2020
“Science and technology revolutionize our lives, but memory, tradition, and myth frame our response.” – Author Arthur M. Schlesinger
Urban myths rely on their communities of origin to thrive and survive. Perpetuated by offhand anecdotes, sensatio…
The first ever Veracode Hacker Games competition has come to a close, but were the flaws in favor of our brave competitors? Read on to find out.
Over the course of the two-week challenge, students from several universities in the U.S. and the U….
Last year brought a lot of change. Companies across the globe had to pivot, ready or not, and many went fully remote just like we did here at Veracode. 2020 transformed the way we work and communicate, changed how we raise our families and celebrate ho…Read More We’re All WFH Too – One Year Later!
Whether a seasoned professional or a fresh computer science grad, every developer has his or her stressful moments of trying to dig through scanning results to mitigate or remediate a vulnerability. Since you work at the speed of “I need this yesterd…Read More Putting the Sec in DevSecOps
“Destroying things is much easier than making them.” This quote from The Hunger Games rings true in software; developers spend months perfecting their innovative applications only to see it all crumble at the nimble fingers of a speedy cyberattacke…Read More Announcing the First-Ever Veracode Hacker Games
To keep up with increasing time and productivity demands in software development, it’s important that organizations are staying on top of their digital shifts through rapid technology adoption and the prevention of common snags in application security (AppSec). Developers must be enabled to create quality, secure code from the start of a project through to deployment of the application, which is why automation and integration are must-haves in your DevSecOps program as you make that shift to digital.
The scalability and flexibility that software-as-a-service (SaaS) products provide only help to leap over hurdles that arise during that digital shift. Veracode made the switch to Amazon Web Services (AWS) when it became clear that our customers needed greater flexibility and scalability, and today, we function as an AWS Advanced Technology Partner with DevOps Competency that enables our customers to keep their code secure without disrupting the development process.
With this tech at their fingertips, we’ve seen our customers adopting optimized Static Analysis (SAST) and Software Composition Analysis (SCA) testing within their CI/CD pipelines, integrated through AWS CodeBuild and AWS CodePipeline. Developers are also able to configure scans in the pipeline for quick pass/fail tests on critical security issues once they push their code to a new feature, while also running other vital unit and integration testing processes in CodeBuild, such as policy scans that can guide remediation.
Additionally, with the cloud set up and the right integrations in place, organizations have more room to leverage new technologies that they otherwise wouldn’t have the right environment to integrate. As an example, AWS permits Veracode to architect new solutions using services like AWS Lambda and AWS Key Management Service (AWS KMS), flexibility made possible by the cloud.
To learn more about how Veracode works with AWS to build security into cloud-native developer workflows, read our blog. Read More Embracing the Digital Shift: Implementing DevSecOps in the Cloud with AWS
Before selecting Veracode, Advantasure, a leader in the healthcare technology industry, was on the hunt for an AppSec program that would not only protect them against cyberattacks, but also prove compliance with laws and regulations in several states. …Read More Customer Q and A: Advantasure Developers Talk AppSec
In volume 11 of our annual State of Software Security (SOSS) report, we uncovered some valuable nuggets of information about how you, the innovative developers of our world, can craft more secure code. For example, did you know that scanning via API im…Read More Is Your Language of Choice a Major Flaw Offender?
We recently released volume 11 of our annual State of Software Security (SOSS) report, which analyzes the security activity and history of applications Veracode scanned during a one-year period. Giving us a view of the full lifecycle of applications, t…Read More State of Software Security v11: Key Takeaways for Developers
In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals t…Read More Healthcare Orgs: What You Need to Know About TrickBot and Ryuk
Cyberattackers and threat actors won’t take a break and wait for you to challenge them with your security efforts – you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It’s critical that…Read More Watch Here: How to Build a Successful AppSec Program
Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, w…Read More Veracode Makes DevSecOps a Seamless Experience With GitHub Code Scanning
Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also helps you prove your ROI. That can be a challenge for a lot of organizations – when…Read More Watch Here: Using Analytics to Measure AppSec ROI
Theoretical physicist Stephen Hawking was spot on when he said, “Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn.” It’s no…Read More 16% of Orgs Require Developers to Self-Educate on Security
It’s no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the r…Read More 43% of Orgs Think DevOps Integration Is Critical to AppSec Success