Posted by Neil DuPaul in ALL THINGS SECURITY, April 22, 2013
Our team is overseas this week in London for the 18th annual Infosecurity Europe conference. Stop by the Veracode stand (H21) to learn about S.O.U.P. and what you can do to stop it from hurting your company. We will also be giving away £500 GBP to a random lucky winner!
Posted by Paul Roberts in ALL THINGS SECURITY, April 18, 2013
Apple’s iOS mobile operating system accounted for almost all the mobile OS vulnerabilities documented in 2012, but Google’s Android mobile OS accounted for almost all the malware. When it comes to application security, do ‘bad neighborhoods’ matter?
Posted by Chad Holmes in ALL THINGS SECURITY, April 16, 2013
What vulnerabilities threaten the integrity of your software supply chain and data? Can your enterprise really influence software vendors to meet your most important security policies and remediate insecure software? Enterprises are taking on unbounded risk as a result of increased investment in outsourced, commercial, SaaS, mobile and open source applications. Enterprises are leaving themselves particularly vulnerable because buyers so rarely think to secure the software they purchase. Why accept this risk?
Posted by Jasmine Noel in ALL THINGS SECURITY, April 16, 2013
Last week, during a SoSS report pre-briefing, Chris Eng was discussing our prediction around CISO tenure and said: “Who wants to be a CISO these days, not me.” Even with SoSS Vol5 predicting CISO tenure would shrink, it was shocking to hear our research VP make such a statement.
Posted by Neil DuPaul in INFOGRAPHICS, April 15, 2013
Posted by Paul Roberts in ALL THINGS SECURITY, April 11, 2013
Within the next 10 years, computer programming will go from being a specialized skill to a basic form of literacy. But are schools the right place to teach kids how to code? Maybe not.
Posted by Neil DuPaul in ALL THINGS SECURITY, April 10, 2013
Thursday, April 11th – 1pm ET: Register Now!
Join Chris Wysopal, our CTO and Co-Founder, as he breaks down the present and future state of application security. He will dive into the data that drove the predictions detailed in Veracode’s fifth annual State of Software Security Report. This report pulls data from tens of thousands of live application scans performed on the Veracode Platform.
Posted by Caitlin Johanson in ALL THINGS SECURITY, April 9, 2013
It’s only a matter of time before someone finds all the skeletons in your closet. In this case the “someone” is a hacker and the “closets” are your applications. As if that isn’t scary enough, consider all of the third-party applications and libraries being leveraged to make your applications function…and all of their skeletons you don’t know of. No bones about it, there’s a whole heap of issues that can no longer accept failure as the norm.
Posted by Neil DuPaul in ALL THINGS SECURITY, April 8, 2013
Early this morning we released our annual State of Software Security Report (SoSS). The report includes the latest research on software vulnerability trends as well as predictions on how these flaws could be exploited if left unaddressed and what this may mean for organizations’ security professionals.
Posted by Paul Roberts in ALL THINGS SECURITY, April 4, 2013
Google announced on Wednesday that it will stop using Apple’s WebKit rendering engine and split (or “fork”) the code to make its own engine, “Blink.” Was Google’s move the first salvo in a new round of ‘browser wars,’ or a vote for improved code security?
Posted by Paul Roberts in ALL THINGS SECURITY, March 28, 2013
Cloud-hosted versus on-premises – which is safer? The answer: “It really doesn’t matter,” according to a new report by the firm Alert Logic. A study of 45,000 security incidents over a six-month period confirmed that company’s earlier finding that cloud and customer-maintained resources are about equally susceptible to attack, with web application attacks the common denominator.
Posted by Pejman Pourmosa in ALL THINGS SECURITY, March 27, 2013
“Our developers are just too busy to worry about securing their applications.” If only I received a dollar for every time I have heard a CISO, CIO or Application Security Manager say these exact words when attempting to develop an appsec program.
Posted by Isaac Dawson in RESEARCH, March 26, 2013
Back in November 2012 I did Veracode’s initial release of a report on the top 1 million websites from the Alexa list. My goal was to turn it into a series so it would be possible to track how these sites change over time with regard to security headers that are added, removed or changed.
Posted by Jessica Lavery in ALL THINGS SECURITY, March 25, 2013
Having well-defined and easily understood security policies in place makes it easier to deliver secure applications. However, creating these policies, testing against them and then knowing what actions to take in order to mitigate the risks isn’t always straightforward.
Posted by Nate Lord in ALL THINGS SECURITY, March 22, 2013
Optimizing your browser’s settings is a critical step in using the Internet securely and privately. Today’s popular browsers include built-in security features, but users often fail to optimize their browser’s security settings on installation. Failing to correctly set up your browser’s security features can put you at a higher risk for malware infections and malicious attacks. This installment of our “Cybersecurity 101” series provides our tips for securing several of today’s most popular browsers, including Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer.