Posted by Paul Roberts in ALL THINGS SECURITY, January 31, 2013
Why is so much software so insecure? You can blame Mark Zuckerberg. No. Really.
Here are a couple of seemingly contradictory facts: we, as an industry, understand much, much more about how to write software securely today than we did ten years ago. And – fact number two – there’s far more insecure software being written today than there was ten years ago. Why?
Posted by Neil DuPaul in ALL THINGS SECURITY, January 30, 2013
A few days ago DuckDuckGo, the search engine that advocates privacy and opposes tracking of any sort, released an awesome guide for Data Privacy Day. Their guide outlines how to prevent your browser from tracking you in any way possible.
Posted by Nate Lord in INFOGRAPHICS, January 29, 2013
Posted by Paul Roberts in ALL THINGS SECURITY, January 24, 2013
Enterprises are more dependent than ever on S.O.U.P. – software of unknown pedigree. Too often, however, it’s a thin broth, security-wise. Enter the S.O.U.P. Nazi!
Posted by Nate Lord in ALL THINGS SECURITY, January 22, 2013
Still looking for the right New Year’s Resolution? We’ve got one for you: develop secure web browsing habits. Given the range of threats facing Internet users today, it is critical that users learn to protect themselves while browsing the web. Our second post in our “Cybersecurity 101” series offers our recommendations for browsing the Internet safely.
Posted by Paul Roberts in ALL THINGS SECURITY, January 17, 2013
There’s a lot to dislike in the National Defense Authorization Act (NDAA) if you’re a civil libertarian. But the big, flawed bill that President Obama signed this month has a lot to like when it comes to security.
Posted by Stephen Roebuck in ALL THINGS SECURITY, January 16, 2013
When it comes to our dynamic scanning customers, our goal, in addition to delivering a high-quality report of your code’s vulnerabilities, is to perform these scans as quickly and efficiently as we can. While a variety of metaphorical bumps in the road can occur, in this post we will focus on one we’ve seen quite a bit lately. The problem arises when our dynamic scanner hits a wall in the form of a [Java applet/Flash-based form/ActiveX] or any function that is not DOM-based; in other words, non-standard authentication. Our dynamic scanner is built to find flaws in DOM-based programs, and if we hit these types of walls it can adversely affect our ability to complete your scans in a timely fashion.
Posted by Neil DuPaul in INFOGRAPHICS, January 15, 2013
Posted by Neil DuPaul in ALL THINGS SECURITY, January 14, 2013
Paul Roberts has just officially launched his latest project in the form of IT security news site The Security Ledger. A regular contributor to the Veracode blog and former editor of Threatpost, Paul is a well-known and respected name in infosec journalism. The Security Ledger describes itself as –
Posted by Paul Roberts in ALL THINGS SECURITY, January 10, 2013
Lots of software companies make buggy products. But researchers are finding that software security problems often run in the family.
Posted by Neil DuPaul in ALL THINGS SECURITY, January 10, 2013
Build.com, an online retailer of home improvement products, is announcing today the integration of the Veracode testing platform into its Bamboo and JIRA software development tools. This integration will help Build.com detect and fix code vulnerabilities earlier in its SDLC, reducing the time and cost of remediation.
Posted by Neil DuPaul in ALL THINGS SECURITY, January 8, 2013
This morning at 10am our third Hackathon officially kicked off! Mark Kriegsman got things started by running over the agenda and rules while Chris Wysopal introduced some new programs and incentives that were quite exciting to folks. Everyone grabbed a donut and then before you knew it the gates were opened!
Posted by Neil DuPaul in ALL THINGS SECURITY, January 7, 2013
That’s the stance of Yaron Baitch, Technology Manager of Bob’s Stores. At Bob’s Stores they’re utilizing three key functions of the Veracode platform: software review, e-learning and analytics. Software review gives them a fresh set of eyes to manage their internally developed tools and ensure industry safety standards in all their software.
Posted by Paul Roberts in ALL THINGS SECURITY, January 3, 2013
NFC technology has better than even odds to be the “next big thing” – enabling your smart phone to subsume everything from your wallet to your car keys. But – as the Magic 8 Ball might say: the outlook is “not so good” when it comes to security.
Posted by Neil DuPaul in ALL THINGS SECURITY, January 3, 2013
As part of the Veracode way, every employee is strongly encouraged to take part in our company Hackathons. A Hackathon is a 3-day event where you get to work on literally any project you like; you may recall reading Mark Kriegsman’s post summarizing our Summer 2012 Hackathon.
Well, Hackathon3 is upon us and only a week away. This week posters went up in anticipation of the event, and hack ideas are filling the kitchen walls. What will we see from Veracoders in the new year? Only time will tell, but if history is any indication, we can expect great things!