Jim Jastrzebski

Jim has been an application security practitioner for about 10 years and now manages the Application Security Consulting group at Veracode. He holds a postgraduate degree in computer science from RPI, with a specialization in software engineering. Prior to joining Veracode, Jim developed software for consumer broadband, nuclear power generation SCADA systems, and multimedia content delivery for mobile devices.
Posts by Jim Jastrzebski

5 Ways Veracode Helps You Fix Software Flaws

August 2, 2017  | Customer News

How Veracode Helps Remediate Flaws

As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed by... READ MORE

How to Help Developers Accept and Embrace Security Testing

February 14, 2017  | Secure Development

In previous posts in this blog series, I've explained that AppSec teams should have empathy for developers as they go through the stages of grief after an unfavorable security assessment of their code. In this post, we wrap up by discussing how to get developers to move through the final two stages – from bargaining to acceptance. Bargaining: "We have a firewall that handles this.... READ MORE

A Developer’s Stages of Grief After a Failed Security Assessment

February 13, 2017  | Secure Development

After nearly 10 years as a security consultant, I've talked to thousands of developers about remediating security flaws in their code. It's not always an easy conversation, and developers have a wide range of emotional reactions, not all of them good. The fact is, developers are increasingly responsible for quality assurance and security testing of their code, tasks that didn’t used... READ MORE

AppSec Managers Should Have Empathy for Developers

February 10, 2017  | Secure Development

Developers don't always respond well to security assessments that highlight flaws in their code. With a little bit of empathy, it's not hard to understand why developers might react with frustration, annoyance, or even hostility. Security testing should be a dispassionate and routine part of the software development lifecycle – application security professionals will tell you it... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu