Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro and Sophos, where she held roles in corporate communication and marketing.
Posts by Jessica Lavery

Podcast: Cyberwar has a history not just a future

September 6, 2016  | Security News

Cyberwar – the term conjures images of futuristic warriors battling for control of Earth à la the Terminator or the Matrix. But the truth is cyberwar is just as much a part of our national history as it is a potential future crisis. And as the old adage goes, “what has happened before will happen again”. The main difference between the cyberwar of the past and the one of today, or the future is... READ MORE

Until We Prioritize Security Training, We Will Remain a Step Behind Cybercriminals

June 22, 2016  | Secure Development

Where is your security money going? Typically, it lives at the edges of the network, in operations land. The big spends on items and services such as log aggregators and organizers, firewalls, and penetration testing are generally trusted buys. These are tried-and-true tactics that have withstood the tests of time. But time, as it were, has claimed many a security system. From the low-tech... READ MORE

Optimizing Software Management with a DevSecOps Approach

June 15, 2016  | Secure Development

Let’s face it, building software is difficult. It’s mental gymnastics. When your developers are working hard, they’ve likely got at least two hours of ramp up time behind them. Bother them during their meditative state, and you’re resetting that clock, losing hours of potential work. There’s a flow to programming, and when you’re in the zone, the code comes... READ MORE

The Future Is Now: Applications Protect Themselves Against Attacks

June 7, 2016  | Security News

More enterprises than ever before are recognizing that software is inherently insecure. Yet, they cannot slow down their development cycles to accommodate this reality. Doing so would compromise their innovation and competitiveness. As a tradeoff, many companies end up sacrificing security. RASP technology holds the promise of protecting applications without touching code. As a category, runtime... READ MORE

Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

May 5, 2016  | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on... READ MORE

Examining Dark Territory With Fred Kaplan

May 4, 2016  | Security News

On Tuesday night at RSA, Veracode held a book launch of Fred Kaplan’s Dark Territory: The Secret History of Cyber War. Kaplan was on site to sign copies of his book and to discuss the history of cyber war. That’s right, history, not future, of cyber war. Dark Territory looks back at the history of cyber war. Opening with a story from the Reagan administration, the book then examines... READ MORE

Striking a Balance: How Software Producers Can Boost Security Without Compromising Development Speed

April 28, 2016  | Intro to AppSec

The importance – and pressure – of developing and managing secure code aren't lost on today's software vendors. As clouds have drifted into the mainstream, mobility and apps have become pervasive, and user expectations around functionality have grown, the need to deliver updates, patches and improvements on a regular and ongoing basis has skyrocketed. Many software providers now... READ MORE

What Gets Measured Gets Done: a Motto to Live by in Application Security

March 31, 2016  | Managing AppSec

Back in December, the CISO of a financial services company explained how he took his company’s application security program from 0-60 in 12 months. Now, that same CISO explains why measurement was a critical component to the program’s success. As we developed our application security strategy, gaining buy-in from various stakeholders was an essential part of making it a success. But,... READ MORE

Don’t Overreact: 5 Steps for Responding to Vulnerability Disclosures

March 19, 2016  | Intro to AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past two years. With so many branded vulnerabilities coming out, executives are paying more attention to application security. This is great, except that it also means security professionals are under increased pressure to react to vulnerability disclosures, rather... READ MORE

How the Legal Department Can Improve Your Vendor Application Security Program

March 16, 2016  | Managing AppSec

In order to keep up with the need for applications, companies are purchasing software at an accelerated rate. And if you are like most companies, your processes for vetting the security of your software are probably not very sophisticated. Most companies rely on questionnaires or even just a wink and a nod from the vendor’s account manager. Companies that recognize the risk introduced from... READ MORE
