The 7 Habits of Highly Successful Supply Chain Transformations Infographic

Securing the software supply chain is neither sexy nor straightforward, but it is doable. Other industries have been able to dramatically effect change within their supply chain when introducing Green or RFID initiatives, and security leaders can learn from those pioneers. These 7 Habits, distilled from research sources including the Wharton School of Business, Federal Reserve Bank of Atlanta, and the Harvard Business Review, among others, represent the best methods to address the security of your software supply chain.

AppDev Priorities Show Issues With Security

Insight into the world of application development shows interesting and promising trends. Agile development's popularity is increasing, and developers are finding real gains as a result. However, as the line between development and operations continues to blur, it can be easy for established security best practices to fall by the wayside. It's up to the application development community to investigate the best ways to overcome this obstacle.

AppDev Priorities Turn to Agile

InformationWeek and Dr. Dobb's recently joined forces to create a survey covering the state of application...

Veracode Nominated for Best Security Company and Other Accolades

After a long winter, we’re celebrating the kick-off of spring by announcing a host of industry accolades for helping our customers address the most pressing cybersecurity threats. If you haven’t heard, Veracode has been selected as a finalist across six awards. This is an exciting list of accolades, particularly as an indication that application security is gaining prominence as a significant means to reduce the risk of being breached. And why wouldn’t it? According to the Verizon DBIR, web applications have become the number one target for cyberattackers, with application-...

Charting a New Course for Secure Software Development

The landscape of application software development is undergoing rapid transformation. New platforms for server and client, new development tools, new languages, newfound status, and new deployment methodologies mean the already quick pace of change has gotten faster. In the meantime, developers must learn to chart this new course while building in and maintaining secure coding standards. Despite increased public awareness of the repercussions of delivering insecure software, developers are still trying to reconcile their competing priorities. According to the recent Information Week App...

Agile Adoption Is the Winning Choice for Secure Software Development

When it comes to product development today, Agile adoption is more important than ever. That's because Agile allows for the quick design of robust applications that are resilient to cyberattacks. In many cases, traditional waterfall development doesn't cut it, because it necessitates significant effort and numerous time-consuming steps. And since you don't typically get the opportunity to revisit phases in waterfall development, the method requires perfection the first time around — which can be nearly impossible. Agile adoption can help overcome these difficulties and speed...

The Vast Underground World of Cyber Gangs

The illegal activities of hacktivists and nation-states receive massive amounts of media attention. When speculation that the Sony breach was caused by the North Korean government began, it caused the media coverage of the breach to explode. That is because the concept of cyberwar and cyberterrorism is both fascinating and terrifying. Enterprises that suffer a breach often claim they were victims of an advanced persistent threat or targeted attack — because no company wants to admit it was breached through an easy-to-find-and-mitigate vulnerability. However, that is more often than not...

Third-Party Security Is Defense by Design

Third parties are a problem when it comes to cybersecurity. According to IT Business Edge, handling third-party security risk will be a major concern in 2015 — and that's no surprise, since a recent BitSight study found that almost one-third of all retail IT breaches started with a third-party vendor. Since the self-certification of vendor security credentials is no longer a reliable touchstone, how can companies protect their assets?

The Big Risk

Target is the most obvious example: Point-of-sale (POS) malware made its way from a third party onto the company's corporate network...

Minimizing the Impact of a Breach Demonstrates the Strategic Value of the CISO

A security breach is not a failure and, with Forrester Research predicting that in 2015 “at least 60 percent of organizations will suffer a security breach”, not all that uncommon. As victims of a breach, CISOs and security & risk professionals need to respond quickly to minimize its impact. The best way to ensure an appropriate response is to have a plan in place well before a breach occurs. That way, you aren’t making decisions while your brain is in crisis mode, and you are less likely to overlook critical areas of your response. However, incident response planning...

How a Third-Party Compliance Policy Can Save Your Business

It's nearly impossible for modern enterprises to avoid third-party software and outsourced code. But as hackers and thieves continue to focus on the software layer, it's becoming increasingly important for every enterprise to develop a process for addressing their outsourced or third-party software, which must include a third-party compliance policy. Without one, enterprises leave themselves open to all kinds of security issues. Here's how you can develop a robust policy that mitigates the risks of outsourcing:

A World of Third-Party Risk

There was a time when it was perfectly...

Uber's Data Collection Policies: What Application Developers Can Learn About Consumer Trust

Hot on the heels of Uber's PR disaster, news about the app's Android permissions has forced the public to consider what's more important: convenient apps that have dramatically shifted the paradigm of one of the oldest industries, or privacy. According to BGR, the Uber app can see a lot of personal data, including whether or not a device is rooted, has malware on it or is vulnerable to Heartbleed. It also has access to users' cameras, phone calls, neighboring Wi-Fi networks and more. That level of sensitive-data collection isn't just intimidating for the average user who'...
