Technologies Designed or Transformed for DevSecOps-Enablement

By Joseph Feiman March 8, 2017 | Managing AppSec

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against...

Bringing CA and Veracode Together

CA’s CEO Mike Gregoire and Veracode’s CEO Bob Brennan discuss how the acquisition of Veracode by CA will help make security a seamless, integrated part of the development process, enabling secure DevOps and helping customers hasten their path to revenue.

It's Time to Stop Blaming Developers for Insecure Software

By Matt Runkle March 3, 2017 | Secure Development

In two-plus years on the security consulting team at Veracode, and in my prior experience as a security researcher and software developer, I've heard this phrase countless times: "Developers are the biggest cause of security defects." Sure, developers are the ones actively implementing the application – but they’re not the only ones involved in creating software. Lots of...

Managing Flaw Review with a Large Multi-Vendor Application

By Colin Domoney March 2, 2017 | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are...

RSA Conference 2017 Recap

By Neil DuPaul March 2, 2017 | Security News

After four years of providing web-based support to Veracode's RSA Conference team from our offices in Burlington Mass, I had the pleasure of finally attending the conference myself. First impressions were a bit staggering to say the least. One thing that doesn't exactly come through amid all the web and social chatter that happens around RSAC is the sheer size of this conference as...

How to Run a Successful Proof of Value for an Application Security Programme

By Colin Domoney March 1, 2017 | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation....

Veracode Named a Leader in the Gartner Magic Quadrant for Application Security Testing for the Fourth Report in a Row

By Laura Paine March 1, 2017 | Security News

For the fourth consecutive report, Gartner placed Veracode as a Leader in the 2017 Magic Quadrant for Application Security Testing. Gartner chooses leaders for the report based on a company’s completeness of vision and ability to execute in the application security testing (AST) market. When it comes to leadership, the proof is in the pudding: in 2016, Veracode demonstrated the...

Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise

By Colin Domoney March 1, 2017 | Managing AppSec

A large-scale deployment of the Veracode static code analysis platform across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience at delivering several hundred scanned applications in a 14-...

Critical Capabilities that DevSecOps Technologies Should Demonstrate

By Joseph Feiman February 28, 2017 | Managing AppSec

As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (...

Podcast: Addressing the Skills Gap - How to keep our digital economy growing

By Jessica Lavery February 23, 2017 | Security News

Our economy continues to shift from a manufacturing and goods based economy to one that is based on services and technology. This digital economy can help improve our quality of life as well as the speed at which we do business, however there are a number of threats to the growth of the digital economy. Chief amongst these threats is the skills gap that exists between what is needed to continue...
