Forrester Analyst Amy DeMartine on What to Expect in Open Source in 2018

By Laura Paine January 11, 2018

When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s...

How Static Analysis Has Changed in a DevOps World

By Jon Janego January 4, 2018

The industry-wide shift to DevOps practices has changed more than just developer processes. It has also had a major impact on security, including application security testing techniques. Static analysis, for instance, has had to evolve along with development processes. Unlike early versions of static analysis solutions that only assessed completed code at the end of the development cycle, today’s...

How CA Veracode Products Secure the Production Stage

By Suzanne Ciccone January 3, 2018

This is the third entry in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from coding to testing to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their...

The Biggest Cybersecurity Stories, Breaches and AppSec Lessons of 2017

By John Zorabedian December 22, 2017  | Customer News

The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures...

Podcast: 2017 OWASP Top 10 – What’s New

By Suzanne Ciccone December 21, 2017

For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions? CA...

Podcast: Are We at Risk For Data Breach Disclosure Fatigue?

By Laura Paine December 21, 2017

What is the fundamental purpose of data breach disclosures? To help the company breached? To help other companies in a similar position? To help the customers of the breached company? To help law enforcement? At its most extreme, should it ever be about shaming a company that had poor security? Depending on the circumstances, it can be about all of the above. Focus on the customer. That’s a...

When You Need to Report a Single AppSec Metric: Our Recommendation

By Anne Nielsen December 14, 2017

Metrics are critical for measuring and expanding an application security program. And there are a lot of important numbers you need to track to gauge your program’s progress, but sometimes you need one number that sums up your progress. Executives don’t always want to see a slew of complicated charts and graphs – they want one simple number that answers, in a nutshell, is this working, are we...

Overcoming the Language Barrier Key to DevSecOps Success

By Suzanne Ciccone December 8, 2017

As DevOps moves to DevSecOps, there is a significant “people” component involved in the shift. Development and security teams both need to overcome their “language barriers” and understand each other’s processes and priorities. The effort is worth it because we know that (1) the consequences of neglecting software security are getting more damaging and (2) embedding security early and often into...

How Are We Securing the Booming Digital Economy? Our Latest Survey Results

By Suzanne Ciccone December 8, 2017  | Intro to AppSec

The holiday season is upon us; are you buying all your gifts at the mall? Probably not. Many, if not most, of you are going to research, purchase and pay for all your holiday gifts online this year. Digitization is everywhere – changing every interaction and transaction. But it seems like breaches are everywhere as well – affecting all industries in all geographies. Are business leaders simply...

AppSec in Review Podcast: How Developers Respond to Security Findings

By John Zorabedian December 5, 2017  | Secure Development | Research

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeaways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and CA...
