Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.
Posts by Tim Jarrett

Best Practices for Complying with Emerging Application Security Regulations

August 14, 2017  | Managing AppSec

In a previous blog post, we discussed how the proliferation of data breaches has caught the attention of regulators, which are increasingly focused on cybersecurity and application security. Case in point: Two recent major regulations – the EU Global Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their... READ MORE

What You Need to Know About the Latest Trends in AppSec Regulations

August 8, 2017  | Security News

As major data breaches continue to expose customers’ sensitive data and cause major monetary and reputation damage to organizations, regulators are taking notice. Two recent major regulations – the EU Global Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their scope and depth. Considering the prominence... READ MORE

Announcing Updates to Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio

July 24, 2017  | Secure Development

We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual... READ MORE

Veracode Visual Studio Extension, Now in the Visual Studio Marketplace

March 28, 2017  | Customer News

Application security cannot be solved with a tool alone. There are significant organizational challenges, like gaining buy-in from various areas of your organization, helping developers to fix security flaws and making sure that security becomes part of the testing process. It’s truly a cultural shift. As such, adoption of application security will only be successful if you eliminate as much... READ MORE

Application Security? But I Have a WAF!

December 28, 2016  | Intro to AppSec

Ineffective Web Application Firewalls

It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring out how to fix them? The “appliance throwing... READ MORE

5 Ways to Keep Your Applications Safe From Vulnerable Components

December 1, 2016  | Secure Development

In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications... READ MORE

How One Open Source Component Put Up to 25% of Java Applications at Risk

November 30, 2016  | Secure Development

In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of... READ MORE

Why the Ransomware Attack on San Francisco Is Such a Big Deal

November 29, 2016  | Secure Development

The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for... READ MORE

Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?

November 29, 2016  | Managing AppSec

regulations appsec compliance

For years, organizations have “checked the box” by doing the minimum to meet security standards like PCI and FS-ISAC, but a rising tide of breaches has caused most auditors to look more seriously at organizations’ security practices, including the security of open source components. Do your developers use open source components? Are you prepared to answer regulators about their... READ MORE

Why You Should Embrace Failure in Your Development Culture

October 24, 2016  | Secure Development

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu