App Testing (and Retesting): When Are You Secure Enough to Launch?

Enterprises recognize the need for cutting-edge, user-friendly apps, but Veracode reports that of 12,000 security professionals surveyed, 69 percent cite application-layer vulnerabilities as the greatest threats to app security. What's more worrisome is that just 10 percent of respondents say that their apps were reviewed for security before, during and after launch. App testing remains the most effective way to prevent problems down the line — so how do you know when your app is ready for prime time? What's the Big Deal? Application flaws can lead to security breaches. If hackers...


HIPAA Compliance and the Healthcare Supply Chain: Broken Links?

Healthcare agencies are no strangers to IT security risks. In August, Community Health Services (CHS) announced the theft of 4.5 million patient records due to a Heartbleed breach; now, companies are dealing with Shellshock, which exploits open-source Bash code to compromise appliances and network hardware such as medical devices. To combat these threats and maintain HIPAA compliance, many agencies have "hardened" traditional access points, making it more difficult for attackers to slip through. The rise of an app-enabled healthcare supply chain, however, is creating new breach...


What Microsoft's Agile Development Plans Mean for Application Security

Waterfall development has been a staple of technology's largest software houses for decades, but now even the most blue-chip tech firms are considering more nimble approaches. Agile development has proven its power over the past few years, and Microsoft looks to be shifting its development process to take advantage of its benefits — including the fact that it provides an opportunity for CISOs to easily integrate security testing into their development processes, ensuring their apps are as secure as possible in a time when information security is only growing in importance. A More...


Want a Powerful Culture of Security? Communicate "the Why"!

This post was jointly authored by Vivian Vitale, EVP of Human Resources and Maria Loughlin, VP of Engineering at Veracode. What is a culture of security? Can you impose one? Does it evolve? What are the elements that make it stick? As leaders at Veracode, where security is job #1, we challenge ourselves with these questions. We represent two different functional perspectives: the human-resources lead and the engineering lead. We both come from companies deeply rooted in security, whether we're talking products or services (or both). Together, we have learned that multiple cultural...


How Medical Services Can Close the Gap in Healthcare Security

Personally identifiable information (PII) is rapidly becoming a hot commodity for cybercriminals, since it lets them file false tax returns and create fake credit-card accounts. But the most valuable PII? Healthcare data. Once compromised, thieves can use this data to claim medical benefits and obtain prescription drugs. According to Healthline, healthcare security took a beating last year, with 44 percent of total identity breaches targeting the medical-services industry. As noted by Modern Healthcare, more than 12 percent of all Americans have suffered some kind of healthcare-related...


Google Chrome Apps: A Modern Way to Build a More Secure Web

Browsers are a common method for users to access apps and services. Even heavily mobile-centric apps (such as Instagram) are launching complementary browser versions. If you're thinking of developing a Web app, check out Google's new Chrome App model. Boasting an array of security features, the model will enable developers to build browser apps that have the security and native look and feel of regular desktop apps and deploy them over multiple platforms simultaneously. Web Apps with Native-like Security Just like regular Web apps, Chrome Apps are written in HTML5, JavaScript and CSS...


Karma Chameleon: Actual Advice for Women in Tech

When it comes to women in tech, how about some advice that stands out for the right reasons? Last week I attended the Grace Hopper conference to proudly watch my sister, Anne Condon, receive the ABIE Technology Leadership award. At the conference keynote I had a front row seat for Microsoft’s CEO, Satya Nadella’s astonishing interview. Surrounded by 8000 inspiring female computer scientists I heard his now-infamous comment: “It’s not really about asking for the raise, but knowing and having faith that the system will actually give you the right raises as you go along...


How to Improve Cloud Computing Security Across an Enterprise

Since its inception, cloud computing has had the reputation of being high-risk when it comes to information security — and, according to a new study, that's still a problem. Enterprises looking to the cloud as a way to increase their agility or cut costs should be aware of these issues; in addition, CISOs have to understand the methods at their disposal that enable them to mitigate risk to data that's stored or processed in the cloud. Security and the Cloud Forbes' report on a new study highlights alarming cloud computing security trends in the health-care industry. The...


The Agile Dope Slap

Here's the truth: Agile is not a panacea, particularly when you're working with multiple Scrum teams on various continents with unavoidable interdependencies. That said — in the context of Winston Churchill's claim that "democracy is the worst form of government except all those other forms that have been tried from time to time" — Agile is the worst form of software development, except all those other forms that have been tried from time to time. As we struggle through some of the challenges of scaling this method (and they're real; read Gary Gruver'...


The OCC Returns: New Merchant Processing Rules

When your industry builds software or handles money electronically, standards are perhaps best filed under the "necessary evil" banner: No matter how out of touch they may seem — or what a pain they may be to people on the back end — they're created to help end users who put the money there to begin with, and that makes them worth following. Which is why the recent revision of the Comptroller's Handbook Booklet by the Office of the Comptroller of the Currency (OCC) is so crucial to all companies involved in the merchant processing spectrum. With its 86 pages of...

