There’s a lot to dislike in the National Defense Authorization Act (NDAA) if you’re a civil libertarian. But the big, flawed bill that President Obama signed this month has a lot to like when it comes to security.
For our dynamic scanning customers, our goal, in addition to a high-quality report of your code’s vulnerabilities, is to perform these scans as quickly and efficiently as we can. While a variety of metaphorical bumps in the road can occur, in this post we will focus on one we’ve seen quite a bit lately. The problem arises when our dynamic scanner hits a wall in the form of a [Java applet/Flash-based form/ActiveX] or any function that is non-DOM-based; in other words, Non-Standard Authentication. Our dynamic scanner is built to find flaws in DOM-based programs, and if we hit these types of walls it can adversely affect our ability to complete your scans in a timely fashion.
Paul Roberts has just officially launched his latest project in the form of IT security news site The Security Ledger. A regular contributor to the Veracode blog and former editor of Threatpost, Paul is a well-known and respected name in infosec journalism. The Security Ledger describes itself as –
Lots of software companies make buggy products. But researchers are finding that software security problems often run in the family.
Build.com, an online retailer of home improvement products, is announcing today its integration of the Veracode testing platform into its Bamboo and JIRA software development tools. This integration will help Build.com detect and fix code vulnerabilities earlier in its SDLC, reducing the time and cost of remediation.
This morning at 10am our third Hackathon officially kicked off! Mark Kriegsman got things started by running over the agenda and rules, while Chris Wysopal introduced some new programs and incentives that were quite exciting to folks. Everyone grabbed a donut, and before you knew it the gates were opened!
That’s the stance of Yaron Baitch, Technology Manager of Bob’s Stores. At Bob’s Stores they’re utilizing three key functions of the Veracode platform: software review, e-learning and analytics. Software review gives them a fresh set of eyes to manage their internally developed tools and ensure industry safety standards in all their software.
NFC technology has better than even odds to be the “next big thing” – enabling your smart phone to subsume everything from your wallet to your car keys. But – as the Magic 8 Ball might say: the outlook is “not so good” when it comes to security.
As part of the Veracode way, every employee is strongly encouraged to take part in our company Hackathons. A Hackathon is a 3-day event where you get to work on literally any project you like; you may recall reading Mark Kriegsman’s post summarizing our Summer 2012 Hackathon.
Well, Hackathon3 is upon us and only a week away. This week posters went up in anticipation of the event, and hack ideas are filling the kitchen walls. What will we see from Veracoders in the new year? Only time will tell, but if history is any indication we can expect great things!
You don’t have to be Nostradamus to predict (correctly) that the shift from personal computers to mobile devices will be the dominant trend in 2013. But the specifics of that transformation – and its impact on security – may surprise us yet.
Last up in our New Year’s Resolution interview series is Gabriella (Biella) Coleman. A trained anthropologist, Coleman is the Wolfe Chair in Scientific and Technological Literacy in the Art History and Communication Studies Department at McGill in Montreal, Canada. She just released her first book, “Coding Freedom: The Aesthetics and the Ethics of Hacking,” from Princeton University Press, which was based on her Ph.D. research into hacking culture, and is now working on a new book on Anonymous and digital media.
Last week we heard from Joshua Corman on how we can do software better. In round two of Paul Roberts’ New Year’s Resolution interview series he catches up with Christofer Hoff on the ghosts of security past, present and future.