
Last night our CTO and Co-Founder Chris Wysopal joined Fox Business’ The Willis Report to chat about medical record privacy in a segment titled “Digital Records Putting Your Health Information at Risk?”

Nothing’s free in this world, especially not when it comes to security. With Twitter officially cramping your style, you are now forced to waste precious seconds you could be tweeting by instead waiting for a verification code to be delivered to your phone just so you can log in.
The Internet of Things is upon us. We’re at the dawn of a new era – with changes afoot that may be even more revolutionary than the advent of the commercial Internet. There’s just one big obstacle in the way: application security.
We have a rich history of running webinars at Veracode, but it seems that recently we’ve been doing more in-house and via partner channels. Going forward you’ll see a monthly update like this post detailing all our anticipated online events to hopefully make you aware of our webinars sooner and help you plan for attendance if you’re interested. Without further ado, here’s the slate of webinars for the remainder of May!
I recently came across an interesting blog post by a team member at Acunetix that addressed a challenge many enterprises are facing when it comes to securing third-party components. This is a pretty hot topic in certain circles these days, and understandably so – studies have suggested that as many as 65% of an enterprise’s mission-critical applications are developed externally. Additionally, Veracode research shows that a typical internally developed application contains somewhere between 30% and 70% of externally developed code, indicating that even internally developed apps are utilizing code originating outside of their own walls.
Tomorrow Veracode co-founder and CTO/CISO Chris Wysopal and Josh Corman, co-founder of Rugged Software and Director of Security Intelligence at Akamai Technologies, will be filming a video segment with Paul Roberts of The Security Ledger. The trio will be chatting about a variety of topics trending in the Appsec field including, but not limited to, recent changes to the OWASP Top 10, security of third-party software components, and industry culture.
The ISSC released its latest survey of information security pros, which found application security issues at the top of their list of security threats. Are we surprised?
Our entire Research team is in town this week for a round table catch up and this fun artist’s rendition of them materialized. Given that I haven’t personally met them all, I was unable to identify a few of them by these cartoons. I figured I’d turn to our trusty community to help me out: comment below if you think you know an avatar’s human counterpart, with the number next to them and their full name.
A developer’s main goal usually doesn’t include creating flawless, intrusion-proof applications. In fact the goal is usually to create a working program as quickly as possible. Programmers aren’t security experts, and perhaps they shouldn’t be. But when 70% of applications fail to comply with enterprise security standards (data from Veracode SoSS vol 5), it is clear more attention needs to be given to secure programming techniques.
Everyone has had that dreaded experience: you open up the task manager on your computer… and there’s a program name you don’t recognize. It gets worse when you google the name and can’t find a concrete answer on what it is and why it’s there. It gets even worse when you remove it from Autoruns and it comes back. It gets terrible when you realize it has keylogger functionality. The icing on the cake, however, is when the mystery program is also eating up all your RAM.
The case of serial killer (and nurse) Charles Cullen shows that arcane application security issues like race conditions can literally be matters of life and death in the healthcare field.
UBM Tech Director of Content, Jonas Tichenor, interviews Evan Fromberg, Senior Director of Channel Sales and Business Development at Veracode. The interview hits the topics of enterprise application security, marketplace challenges in appsec and the partner program at Veracode. A transcript of the interview is available in the full post.
A survey of 3,500 developers by the firm Sonatype found that use of open source software is exploding in the application development community. Alas, much of it is unchecked, with few if any controls over what components are being used or how.
Application security analytics at Veracode is “living in interesting times.” With each passing month, the data set is growing dramatically in both size and variety. An increasingly diverse set of organizations are submitting their applications for review. New programs such as VAST create usage patterns of Veracode’s services that reflect an evolving security supply chain. On top of this, Veracode’s platform for finding, classifying, and reporting discovered flaws continues to expand to address new challenges such as mobile apps, new vulnerability classes, new scanning technologies and revised policies for defining acceptable application software security. The challenge with all this newness is striking the right balance between keeping the analysis the same to track trends over time and developing new analysis to convey some new findings.