Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Podcast: CA Veracode’s 2018 Development Resolutions with Maria Loughlin

lpaine's picture
By Laura Paine February 1, 2018
Developer Resolutions

Earlier this year, we looked at what 2018 has in stock for open source, and we wanted to continue this trend to dive a little bit deeper into the resolutions the developer community may have for the New Year. For some, it’s a matter of striving to write smaller batches of code that are more testable, better for security stance, or getting more of the enterprise to internalize that quality code is... READ MORE

Research Report: DevSecOps Provides a Competitive Edge

jzorabedian's picture
By John Zorabedian January 23, 2018  | Research
DevSecOps Research Report

CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development... READ MORE

Forrester Analyst Amy DeMartine on What to Expect in Open Source in 2018

lpaine's picture
By Laura Paine January 11, 2018
2018 Open Source Software

When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s... READ MORE

The Biggest Cybersecurity Stories, Breaches and AppSec Lessons of 2017

jzorabedian's picture
By John Zorabedian December 22, 2017  | Customer News
Cybersecurity Breaches of 2017

The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures... READ MORE

Podcast: 2017 OWASP Top 10 – What’s New

sciccone's picture
By Suzanne Ciccone December 21, 2017

For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions? CA... READ MORE

Podcast: Are We at Risk For Data Breach Disclosure Fatigue?

lpaine's picture
By Laura Paine December 21, 2017

What is the fundamental purpose of data breach disclosures? To help the company breached? To help other companies in a similar position? To help the customers of the breached company? To help law enforcement? At its most extreme, should it ever be about shaming a company that had poor security? Depending on the circumstances, it can be about all of the above. Focus on the customer. That’s a... READ MORE

CA Veracode Named a Leader in The Forrester Wave for Static Application Security Testing

lpaine's picture
By Laura Paine December 12, 2017

I’m always a fan of ending the year on a high note, so you can imagine how excited I am to share the news that CA Veracode has been named a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. Forrester ranks its vendors through the detailed evaluation of the 10 most significant vendors in static application security testing (SAST). The report... READ MORE

Podcast: When it Comes to Data Breach Disclosure, When Does the Clock Start Ticking?

lpaine's picture
By Laura Paine November 28, 2017  | Managing AppSec
When do you disclose a data breach?

In the last episode of the Cyber Second Podcast, we talked about the confusing patchwork of rules and laws – state, federal, global – dictating data breach disclosure rules. The common thread in nearly all of the existing regulations is that the disclosure clock starts the very moment that a company becomes aware of the breach. But when does someone truly know something, and who needs to know to... READ MORE

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

jzorabedian's picture
By John Zorabedian November 20, 2017  | Secure Development
OWASP Top 10 2017

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE

Women in Business: Take the Risk!

anielsen's picture
By Anne Nielsen November 17, 2017

We recently hosted Gloria Larson, the President of Bentley University and one of Boston Magazine's “50 Most Powerful People,” at CA Veracode to talk about diversity with a specific focus on women in business. Our General Manager Sam King and Gloria had a discussion about: President Larson’s career and experience, culminating in her current leadership role The data on diversity in business The... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu