Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Recap: RSA Conference 2016


Acting as one of CA Veracode’s content producers has its perks. One of those perks is being able to attend RSA and having the privilege of sitting in as many sessions as I can fit into a day. Yesterday was the first day of the RSA Conference, and the area around the Moscone Center was already bustling. I attended a variety of sessions, and there was one common thread among all the presentations... READ MORE

glibc – This Will Not Be the Last Open Source Component Vulnerability We See

By Jessica Lavery February 17, 2016  | Security News

On Tuesday, February 16th, Google researchers issued a vulnerability disclosure for glibc (CVE-2015-7547). Though the media has dubbed this an “extremely severe bug,” it seems the majority of news articles and responses to this disclosure have been both measured and appropriate. This is surprising since the media typically hypes branded vulnerabilities,... READ MORE

The ironic battle over crypto

By Tim Jarrett February 4, 2016  | Security News

This post was originally published February 4, 2016 on: Bruce Schneier: Security vs. Surveillance. As the dust finally settles from the breach of the US Office of Personnel Management, in which personal information for 21.5 million Americans who were Federal employees or who had applied for security clearances with the government... READ MORE

Toying with the Broken Window Theory

By Rob Wilber January 11, 2016  | Security News

High-tech toymaker VTech recently made headlines when they announced they’d been the victim of a significant cyberattack. Personal account information associated with over 10,000,000 of their customers was compromised in the attack, including over 6 million profiles tied to the children using their toys. When I got word of this incident, I immediately thought back to a presentation... READ MORE

Why I came to CA Veracode

By Joseph Feiman January 5, 2016  | Customer News | Security News

Recently CA Veracode announced that I had left my position as a Research VP and Fellow at Gartner to join the company in its pursuit of securing the world’s software.  Some may ask, “why after almost two decades of helping shape the security market, have I decided to leave Gartner and work with a vendor?” I did not take the decision lightly, and... READ MORE

SAFECode Comes Up Short

By Anne Nielsen November 23, 2015  | Security News

SAFECode has released their Principles for Software Assurance Assessment - a buyer’s guide for businesses that purchase and use software for how they should think about the security of those products. While CA Veracode contributed to the paper, we feel the focus is on a level of maturity that is aspirational at best for the... READ MORE

Cybersecurity in Finance: Time for Change?

By Doug Bonderud November 17, 2015  | Security News

Banks are investing big in cybersecurity. According to Lexology, HSBC has earmarked $1 billion for cybersecurity enhancements, while JPMorgan Chase has doubled down on spending with plans to hit $500 million by the end of 2015. Even financial institutions that aren't actively ramping up their resources are busy backing startups they hope will provide the next generation of cybersecurity. All... READ MORE

Security Leaders: Time for an About-Face?

By Doug Bonderud November 16, 2015  | Security News

Chief information security officers (CISOs) are under fire. According to Bloomberg BNA, both CISOs and chief information officers (CIOs) are now at risk of being named in post-breach lawsuits because these executives, "by dint of their role and purported experience, assume a fiduciary duty to the shareholders." In response, both the ideal candidates and CISO job descriptions are... READ MORE

Healthcare Cybersecurity: Time for a Checkup?

By Doug Bonderud November 9, 2015  | Security News

Discussions of cybersecurity are making their way into boardrooms — but that doesn't mean C-suite executives are fully up-to-date on threats, vulnerabilities and remediation techniques. As noted by The Wall Street Journal, just 11 percent of board members surveyed in a recent National Association of Corporate Directors study claimed a "high level" of knowledge about... READ MORE

Cybersecurity and Corporate Liability

By Eric Seymour November 5, 2015  | Security News

Security is now the second leading risk to a company’s brand – ahead of traditional risks related to safety, health, and the environment, according to Deloitte. It should come as little surprise that legal risk related to cybersecurity is becoming a major concern for corporate directors. Pressure is building for boards and management teams to deal with cybersecurity issues that can... READ MORE
