All Things Security

Our take on the daily happenings in the world of Application Security

SOURCE Conference 2012 This Week in Boston!

SOURCE Conference 2012 is happening in Boston right now! The keynote for this year’s conference came from Josh Corman and Jericho. Among other talks, the first day also featured Veracode’s Shyama Rose, who presented on “Successful Application Security Programs in an Uncertain Landscape”.

To view a list of Veracode speakers at the conference, click here.

The keynote for Day 2 was from Dan Geer, CISO of In-Q-Tel. His keynote generated a lot of interest in the Twittersphere from the conference attendees. In his talk, Geer focused on the Internet and critical infrastructure. Click …

Chris Wysopal on Application Security at RSA 2012

At RSA this year, Howard Anderson, News Editor for the Information Security Media Group, interviewed Chris Wysopal, Veracode CISO and Co-Founder. In the interview, Chris talked about application security, the future of AppSec, and what he believes to be the next major hot topic in this space. Chris also outlined why organizations now need their comprehensive data leakage protection programs to include application security.

View the podcast below.

We also added in some key highlights of the interview.

Q: What do you think is the hot topic in the application security arena?

Chris: One of the things that I am really …

Application Security Experts on Secure Software and Application Mistakes

Veracode Marketing recently polled a list of InfoSec luminaries, asking them “What is the biggest mistake companies make with Application Security and how can they fix it?” We’re pleased to present the responses from a wide array of security experts, including Bill Brenner of CSO Magazine, Andrew Hay of the 451 Group, Jack Daniel of Tenable Network Security and Veracode’s own Chris Wysopal. While all our experts have their unique perspectives, some common themes arose, including the basic idea of taking application security more seriously and committing to a programmatic approach vs. ad hoc manual testing. We want to thank …

Weekly News Roundup

Happy Friday to all. Welcome to another edition of our Weekly News Roundup.

Dennis Fisher of Threatpost reports on a breach of the Medicaid and Child Health Insurance Plan in Utah which led to the leakage of personal information, including Social Security numbers, of 181,000 individuals. The intrusion occurred after the Utah Department of Technology Services was compromised by hackers who were able to steal 24,000 files. The attackers were able to gain access to the system by exploiting an error in the authentication system on one of the servers.

On a lighter note,

Veracode Secures $30M in Additional Funding, Expands Exec Team

We are thrilled to announce that Veracode has secured an additional $30M in funding from Meritech Capital Partners and existing investors Atlas Venture, .406 Ventures and StarVest Partners.

“Our investment demonstrates our confidence in the market and is intended to accelerate Veracode’s already impressive growth,” said Rob Ward, Managing Director at Meritech Capital Partners. Some of Meritech’s other portfolio companies include Facebook, Zipcar, Imperva, Good, Vonage and Salesforce.com.

Two new key additions to the executive team are Ed Jennings, who joins Veracode as Executive Vice President of Sales, Marketing & Services, and Greg Nicastro who joins as …

What’s Going Right With Your Secure Development Efforts?

Can’t security professionals and developers just get along?

Consider this: if the number one job of a security professional is to place a developer’s code under a microscope and highlight each and every flaw, you can appreciate why there may be some tension. The majority of solutions used by security professionals to test developer code only offer assessments of what the developers did wrong. Can we apply a different lens while having this conversation?

Recently we featured a webinar where Donna Durkin, CISO of Computershare, and Tim Jarrett, Director of Product Management, candidly discussed what works and doesn’t when …

Application Security Series – Part I

Threatpost is featuring a series of blog posts on Application Security by Veracoder Fergal Glynn. The first post in the series, “A CISO’s Guide to Defining Application Security – Part 1: Defining AppSec”, went live today.

In this post, Fergal defines Application Security, or “AppSec”, and lists key elements of the discipline. The post outlines the various development and deployment options available today which can potentially introduce security vulnerabilities into software, and the need for AppSec products to help manage security risk across all these options.

The next post in this series will examine …

What is a Buffer Overflow? Learn About Buffer Overrun Vulnerabilities, Exploits & Attacks

Now and again we present short educational briefings on topics related to Application Security. Last time we discussed Data Breaches; read more here. Today I will present a brief overview of Buffer Overflows.

A buffer overflow is a common software coding mistake. In order to effectively mitigate buffer overflow vulnerabilities, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit these vulnerabilities.

A buffer is a sequential section of memory allocated to contain anything from a character string to an array …

Weekly News Roundup

Happy Friday! Here’s what was big in cyber security headlines this week. Enjoy!

Global Payments breach: “Up to 1.5 million Visa, MasterCard credit card numbers stolen” by Emil Protalinski (@EmilProtalinski). In this blog post Emil Protalinski details the recent security breach against Global Payments, a major payment processing company. It was announced last Friday that Global Payments had suffered a security breach affecting Visa and MasterCard customers in North America. It has been determined that as many as 1.5 million credit card numbers were stolen in the breach, although the company has assured Visa and MasterCard customers …

Integrating Build Systems with the Veracode Platform

As a Security Program Manager here at Veracode, I frequently get asked questions about the need to integrate security into the SDLC. The Security Program Manager position at Veracode is a consulting role to ensure the adoption of Veracode’s solutions throughout our clients’ IT delivery and security organizations. I am often asked about the effort required in integrating build systems with Veracode. I thought this would make a good blog post and decided to outline my answers to these questions.

Q: Why Integrate Security in the SDLC?
A: Security is an aspect of business operations that affects every member in …

Data Breaches in Financial Institutions

The latest data breach involving Global Payments, the processor for Visa and MasterCard, renewed the spotlight on cyber security around financial institutions. One post that caught the attention of the Marketing team here at Veracode was the listing of the Top 9 Most Expensive Data Breaches in the Financial Services industry, featured on www.wallstreetandtech.com.

As a member of our research team pointed out, 4 of the top 5 breaches were hacks. Of those, 2 were known to be application security related: NASDAQ and Citibank. As you digest this information, I would like to direct you to a blog …

Cyber Security for Smart Energy Systems – Talk by Chris Wysopal

We recently received the video footage from Chris Wysopal’s presentation at the 2011 TCIPG (Trustworthy Cyber Infrastructure for the Power Grid) Summer School.

The Summer School program is designed to help participants gain an understanding of how the power grid is evolving into a smarter energy system, and explores the challenges associated with cyber security for smart energy systems.

The topic for these sessions was “Cyber Security for Smart Energy Systems,” and Chris was featured for a lecture on the role of secure software in building secure infrastructures. We’re currently featuring an excerpt from the video on our website …

Weekly News Roundup

Happy Friday, all!

It’s time for our weekly news roundup, and these are the stories that made it to our list this week.

1. Ross Brewer of the Help Net Security Blog authored “Cybercriminals increasingly target financial services industry”. The post details a new report released by PwC this week that revealed that the financial services industry was the most common target of cybercriminals, accounting for 38 percent of incidents, more than double that of other industries. Brewer goes on to say that, “Traditional perimeter security solutions such as anti-virus or encryption, while still playing a part …

Veracode Greatest Hits – Our Best Blog Posts Ever! Part II

Yesterday, we showcased the top blog posts on the Veracode Blog from all time, and we promised a Part II to Veracode’s Greatest Hits. Here it is. Enjoy!

Are there any favorite posts you like on the Veracode Blog that did not feature in this list? Let us know, we’d love to hear from you.

Veracode’s Greatest Hits – Our Best Blog Posts Ever! Part I

Since its inception, the Veracode Blog has seen a lot of activity from bloggers across the company. We crunched some numbers to look at our most popular blog posts ever. Some posts are from previous years, while others are more recent, but their popularity attests to the fact that they are all hugely informative and entertaining. Browse this popular listing of our posts, and let us know if your favorite made it in! Enjoy!
