Top Ten Java Frameworks Observed in Customer Applications

One of the great things about the Veracode platform is the insight we get from examining our anonymized customer data – not only information about the vulnerability landscape (as published in the State of Software Security report) but insight into the composition of the applications that we scan. As I alluded to in my last post, one of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to …

Weekly News Roundup

Happy Friday everybody, and welcome to another installment of our Weekly News Roundup. It certainly was another busy week in the application security world, with several cyber attacks, new regulations, and updated security measures making headlines. Veracode’s Marketing team rounded up some interesting articles on some of the biggest topics of the week. Give them a read and enjoy.

1. New Data Protection Laws: “EU to Propose New Data Breach, Privacy Regulations” by Brian Prince (@threatpost). Over the weekend the European Union announced that it would soon be proposing new laws that …

A Conversation With Richard Clarke – Part II

Continuing yesterday’s piece on Chris Wysopal’s discussion with cyber-security guru Richard Clarke, this second installment focuses on questions asked by webinar participants in the live webcast. Remember, you can always download and view the recorded versions of our webinars here.

Q: Are you concerned about the merge to electronic healthcare records?

RC: Yes – part of the healthcare reform package has requirements that accelerate the reliance on electronic file records in medicine. There are some real incentives in the bill that force the industry into doing it relatively quickly. The …

A Conversation with Richard Clarke – Part I

Following a dramatic increase in the number and severity of breaches in 2011, Chris Wysopal and internationally-renowned cyber security expert Richard Clarke discuss the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience to the current threat environment while complying with evolving regulations.

This well-attended webinar generated a huge volume of questions from attendees, so we’ve decided to cut it into two parts. Stay tuned for the second segment tomorrow, but in the meantime, be sure to download and view …

2012 Social Security Blogger Awards

In case you haven’t heard, Veracode has been nominated for two awards at the 2012 Social Security Blogger Awards: Best Corporate Security Blog and Single Best Blog Post or Podcast of the Year. Let me first say that we are absolutely thrilled to be nominated for these awards and are honored to be listed amongst so many other great blogs. We are asking that readers take a minute to show their support and vote for our blog here. It should be noted that you need to be a security blogger to cast a vote.

Many of the …

New Platforms, Old Mistakes

You don’t need me to point you to stories such as this New York Times article, which reported on data from Flurry, a mobile analytics firm, to convince you that mobile app usage is growing exponentially: 25B downloads at the end of 2011, a 300% increase year over year. I mean, Angry Birds Rio was on the Christmas list for my 6 and 3 year olds – even Santa is not immune from this demand!

It is for this reason that we chose to include statistics from Android apps in our recently …

Weekly News Roundup

What a busy week for the internet! With topics from attacks and hacks to protests, bloggers have been busy covering the most recent news in the cyber security industry, and we are here to wrap it all up. The following are some of this week’s biggest headlines, along with some of the best commentary on them, enjoy!

1. Zappos Attack: “Zappos Breach Notice: Lessons Learned,” by Tom Field (@SecurityEditor). Field interviews a privacy attorney as she provides her analysis and opinion of Zappos’ response. Points of interest include the decision to shut down the customer service phone …

Cloud Based Application Security Testing

Evan Fromberg, Sr. Director of Channel Sales and Business Development here at Veracode, recently wrote a guest post on Rackspace’s Cloud Blog. In his post, Evan talks about the emergence of a growing need for businesses of all sizes to increase speed to market.

He examines the impact of this trend on the adoption of cloud platforms, and what this means for the security of applications being migrated to the cloud. The post sheds light on some of the vulnerabilities in applications that are becoming more prevalent, and also reveals …

SOPA Grabs Headlines Today

With the entire buzz about SOPA and the highly visible protests from some major sites today like Google, Reddit, Wikipedia and Wired, I’ve been looking for more factual posts on the web regarding this highly controversial topic.

Quick intro to SOPA: Simply put, SOPA (Stop Online Piracy Act) and its companion PIPA (Protect IP Act) are two anti-piracy bills intended to strengthen protections against copyright infringement and IP theft. SOPA battles the menace of piracy and intends to protect content creators by requiring that rogue sites be blocked by ISPs, prevented from …

Where Were You? 10th Anniversary of Gates Trustworthy Computing Memo – Part 2

January 15th was the 10th anniversary of Gates’ Trustworthy Computing memo. We thought it would be interesting to ask a few Veracode employees what they were doing on that day 10 years ago. This is the second post on this topic. Yesterday’s post is here. Some of the answers are really funny! Can you guess who had blue hair in 2002?

Captain @stake Steve Roge was selling manual code reviews to Fidelity for $150 per hour and every consultant who worked on the …

Delivering Unhappiness

You’ve probably read by now that online retailer Zappos suffered a security breach affecting over 24 million customers. As a Zappos customer, I received the email last night alerting me about the breach. I got a nearly identical email from their sister company, 6pm.com, as well. This is a clear sign that I buy too many shoes.

What’s interesting to me about this breach is that Zappos is renowned for their customer service, so watching how they communicate in the coming days and weeks should be an interesting case study. A few notable points so …

Where Were You? 10th Anniversary of Gates Trustworthy Computing Memo – Part 1

January 15th is the 10th anniversary of Gates’ Trustworthy Computing memo. The effects of this memo have already been discussed on Threatpost, so I thought it would be interesting to take a different angle on commemorating this event – where were you on 1/15/2002? I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range, and its members come from many different backgrounds. Some of the answers are really funny! I hope you enjoy!

Chris Wysopal

Weekly News Round Up

Welcome to the first post in our new blog series, the Veracode Application Security Weekly News Roundup. Every Friday we will be compiling and releasing our list of the top news items of the week. This week features a handful of excellent articles from the cyber security world on topics like social media security, malware attacks on the U.S. government, and hacktivism.

1. Worm steals more than 45,000 Facebook logins

The theft of over 45,000 Facebook logins by a piece of malware called Ramnit has been grabbing a few headlines lately. Ramnit is a worm …

The What and Why of Compliance

As a start to 2012, I wanted to share my thoughts on a topic of great interest to me – compliance. To start the discussion, I thought it would make sense to lay down a base line. This post covers the “What and Why” of compliance.

First question most people ask: What exactly is “Compliance”?
Wikipedia says: “In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant …

Communication Skills and the Business of Security

I am planning to purchase a Nissan Leaf, to lower my impact on our environment when I drive to work at Veracode. Some studies have estimated that the electricity used to produce gasoline is roughly equal to the electricity needed to drive an electric car as far as that gasoline would take a typical internal combustion engine car. The exact numbers are hard to pin down and much debated, but obviously removing the gas from the equation and getting roughly the same effect has a much lower impact on our environment.

In learning about the Nissan Leaf I read …
