Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.
Posts by Tim Jarrett

Amplifying Security Feedback with RASP and DevOps

July 7, 2016  | Managing AppSec

When talking about how to secure DevOps, the conversation often starts with how to fit application security testing into the continuous integration/continuous deployment (CI/CD) pipeline. That’s a great area for concern, and there are lots of people writing about the topic. But limiting your thoughts about securing DevOps to “the pipeline” commits a classic fallacy: assuming... READ MORE

Vendor Risk Management Must Include Applications

June 8, 2016  | Managing AppSec

Way back in April, Securosis published a whitepaper, “Building a Vendor (IT) Risk Management Program.” While the paper is informative and practical, do you know what is noticeably missing? Information on how to manage the risk that comes with using vendor applications. This is surprising because Securosis frequently writes about the importance of application security. Companies are... READ MORE

The Four(ish) Appsec Metrics You Can’t Ignore

April 11, 2016  | Managing AppSec

Metrics are important in application security, and not just because they allow us to quantify the otherwise unquantifiable work of reducing risk that application security teams do. Metrics provide us with a way to communicate the progress of an application security program, whether to a development team that needs encouragement, to senior management or the board who want to understand the value... READ MORE

The ironic battle over crypto

February 4, 2016  | Security News

This post was originally published February 4, 2016 on: www.Jarrethousenorth.com. Bruce Schneier: Security vs. Surveillance. As the dust finally settles from the breach of the US Office of Personnel Management, in which personal information for 21.5 million Americans who were Federal employees or who had applied for security clearances with the government... READ MORE

Answering your questions about the new State of Software Security report

December 7, 2015  | Research

On December 3, Veracode published a new supplemental State of Software Security Report, Focus on Application Development. As you might have guessed, the report has raised comments and questions – particularly about the security of applications written in different programming languages. There have been some... READ MORE

Protecting your code with an army of monkeys?

June 16, 2015

I was at Gartner’s Security and Risk Management Summit in National Harbor, Maryland last week, and as always one of the best parts of the conference was the conversation that started after the analyst presentations were done. After one session on runtime application self protection (RASP) [see my storify stream], I found myself chatting with one attendee who asked, “How does RASP... READ MORE

Align benefits for enterprise and supplier – or pay

January 26, 2015

In our introduction to this series, we talked about how securing the software supply chain is like other supply chain transformation initiatives and our intention to learn from initiatives like “green” supply chain and RFID rollouts. This post highlights the last of Seven Habits of Highly Successful Supply Chain Transformations, drawing analogies and translating into application... READ MORE

The Fog of War: How Prevalent Is SQL Injection?

January 23, 2015  | Research

Security statistics are complicated, and there’s a lot of fog of war around some fundamental questions like: how common are SQL Injection flaws? A pair of interesting articles over the last day have illustrated some of the challenges with answering that question. A company called DB Networks announced that it had found an uptick in SQL Injection prevalence in 2014, which had appeared to be... READ MORE

Drive compliance via WIIFM

January 13, 2015

In our introduction to this series, we talked about how securing the software supply chain is like other supply chain transformation initiatives and our intention to learn from initiatives like “green” supply chain and RFID rollouts. This post highlights the sixth of Seven Habits of Highly Successful Supply Chain Transformations, drawing analogies and translating into application... READ MORE

The Elephant in the Room is Compliance

January 6, 2015

The C-word - compliance - is one that has a mixed reception in application security circles. While some observers, like Verizon, say that there’s a correlation between compliance efforts like PCI and reduced likelihood of breach, others see compliance efforts as not doing enough to move the needle on application security. But the fact remains that if you’re trying to run a supply... READ MORE
