Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at CA Veracode. A Grammy Award-winning product professional, he joined CA Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.
Posts by Tim Jarrett

Why You Should Embrace Failure in Your Development Culture

October 24, 2016 | Secure Development

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s...

Amplifying Security Feedback with RASP and DevOps

July 7, 2016 | Managing AppSec

When talking about how to secure DevOps, the conversation often starts with how to fit application security testing into the continuous integration/continuous deployment (CI/CD) pipeline. That’s a great area for concern, and there are lots of people writing about the topic. But limiting your thoughts about securing DevOps to “the pipeline” commits a classic fallacy: assuming...

Vendor Risk Management Must Include Applications

June 8, 2016 | Managing AppSec

Way back in April, Securosis published a whitepaper, “Building a Vendor (IT) Risk Management Program.” While the paper is informative and practical, do you know what is noticeably missing? Information on how to manage the risk that comes with using vendor applications. This is surprising because Securosis frequently writes about the importance of application security. Companies are...

The Four(ish) Appsec Metrics You Can’t Ignore

April 11, 2016 | Managing AppSec

Metrics are important in application security, and not just because they allow us to quantify the otherwise unquantifiable work of reducing risk that application security teams do. Metrics provide us with a way to communicate the progress of an application security program, whether to a development team that needs encouragement, to senior management or the board who want to understand the value...

The ironic battle over crypto

February 4, 2016 | Security News

This post was originally published February 4, 2016 on: www.Jarrethousenorth.com. Bruce Schneier: Security vs. Surveillance. As the dust finally settles from the breach of the US Office of Personnel Management, in which personal information for 21.5 million Americans who were Federal employees or who had applied for security clearances with the government...

Answering your questions about the new State of Software Security report

December 7, 2015 | Research

On December 3, CA Veracode published a new supplemental State of Software Security Report, Focus on Application Development. As you might have guessed, the report has raised comments and questions – particularly about the security of applications written in different programming languages. There have been some...

Protecting your code with an army of monkeys?

June 16, 2015

I was at Gartner’s Security and Risk Management Summit in National Harbor, Maryland last week, and as always one of the best parts of the conference was the conversation that started after the analyst presentations were done. After one session on runtime application self protection (RASP) [see my storify stream], I found myself chatting with one attendee who asked, “How does RASP...

Align benefits for enterprise and supplier – or pay

January 26, 2015

In our introduction to this series, we talked about how securing the software supply chain is like other supply chain transformation initiatives and our intention to learn from initiatives like “green” supply chain and RFID rollouts. This post highlights the last of Seven Habits of Highly Successful Supply Chain Transformations, drawing analogies and translating into application...

The Fog of War: How Prevalent Is SQL Injection?

January 23, 2015 | Research

Security statistics are complicated, and there’s a lot of fog of war around some fundamental questions like: how common are SQL Injection flaws? A pair of interesting articles over the last day have illustrated some of the challenges with answering that question. A company called DB Networks announced that it had found an uptick in SQL Injection prevalence in 2014, which had appeared to be...

Drive compliance via WIIFM

January 13, 2015

In our introduction to this series, we talked about how securing the software supply chain is like other supply chain transformation initiatives and our intention to learn from initiatives like “green” supply chain and RFID rollouts. This post highlights the sixth of Seven Habits of Highly Successful Supply Chain Transformations, drawing analogies and translating into application...
