Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Women in Business: Take the Risk!

By Anne Nielsen November 17, 2017

We recently hosted Gloria Larson, the President of Bentley University and one of Boston Magazine's “50 Most Powerful People,” at CA Veracode to talk about diversity with a specific focus on women in business. Our General Manager Sam King and Gloria had a discussion about: President Larson’s career and experience, culminating in her current leadership role; the data on diversity in business; the... READ MORE

How to Get Started With a CA Veracode Greenlight Free Trial

By Janet Worthington November 16, 2017  | Secure Development

You never want to be the developer who wrote and submitted vulnerable code into production, especially if it leads to a data breach. Yet, in many organizations that have adopted DevOps practices, application security testing is shifting left into development. It’s far faster to catch and fix security flaws while you’re coding than to go back and fix everything at the end of the process.... READ MORE

Our 2017 State of Software Security Report: Top 5 Takeaways for CISOs

By Suzanne Ciccone October 23, 2017  | Security News

We just published our State of Software Security 2017 (SoSS) report, and, as always, it is chock-full of valuable data and insights about the security of applications. Based on 400,000 application scans across our customer base over a recent 12-month period, this year’s report is a gold-mine of intelligence about how organizations are approaching AppSec, what’s working, and what isn’t. This... READ MORE

Podcast: Would A National Data Breach Disclosure Law Create Clarity or Confusion?

By Laura Paine October 20, 2017  | Security News

WannaCry and Petya, among other high-profile breaches, have sparked new conversations at CA Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and... READ MORE

Are We Eating From the Dirty Fork?

By Mark Curphey October 19, 2017

Earlier this week, SourceClear researchers wrote a technical analysis showing how they used our Security Graph Language (SGL) to uncover 23 vulnerabilities in GlassFish Open Source Edition. And while I’m certainly proud of our ability to find vulnerabilities that no one else sees, there is a much bigger issue here affecting how we think about and manage open source. Are We Eating From the Dirty... READ MORE

Podcast: Key Takeaways From CA Veracode's Latest State of Software Security Report


CA Veracode just published its latest “State of Software Security” report, get it here. Based on CA Veracode Platform data, these “SoSS” reports have been offering a goldmine of intelligence about how organizations are approaching AppSec since 2011. This year’s report is no different. Evan Schuman recently sat down with CA Veracode’s Director of Product Management Tim Jarrett to discuss the... READ MORE

What's New in the State of Software Security 2017 Report

By John Zorabedian October 18, 2017  | Security News

In the past year, we’ve seen an unprecedented series of cyber assaults on democratic elections, ransomware attacks that spread around the world affecting hundreds of thousands of systems in more than 150 countries, and record-breaking data breaches. If we’re going to address this growing crisis effectively, we need a probing inspection of root causes, and fearless prescriptions for new ways... READ MORE

A Very V-E-R-Y Long Day Without Software

By Evan Schuman October 11, 2017

Over the summer, some friends at CA Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever? They bet me that I couldn’t. I love a challenge as much as any journalist, so I said “Sure. How hard could it possibly be?” The point of this is to make business people... READ MORE

Announcing Support for the Scala Language and the Boto3 Framework

By Jon Janego October 4, 2017  | Security News

Making Our Static Analysis Even Better: As development speed has skyrocketed, security testing has shifted “left,” where it increasingly falls within the realm of the developer, rather than the security team. Today, modern application security programs feature centralized governance by security, but testing and fixing are owned by development in an automated fashion throughout the build process.... READ MORE

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

By Suzanne Ciccone September 28, 2017  | Managing AppSec

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE
