Live From RSA Conference 2017 – The Power of Opportunity

By Jessica Lavery, February 15, 2017 | Security News
Veracode at RSA Conference 2017

It almost didn’t happen, but I made it to the RSA Conference. A series of unfortunately timed winter storms delayed or canceled flights, but I was able to make it out of Boston and to San Francisco only a day late – which meant I only missed the DevSecOps @ RSA Conference 2017 talks on Monday. And the big takeaway after my first day at the conference: it’s all about DevOps. If...

How to Help Developers Accept and Embrace Security Testing

By Jim Jastrzebski, February 14, 2017 | Secure Development
Developers and Security Testing

In previous posts in this blog series, I've explained that AppSec teams should have empathy for developers as they go through the stages of grief after an unfavorable security assessment of their code. In this post, we wrap up by discussing how to get developers to move through the final two stages – from bargaining to acceptance. Bargaining: "We have a firewall that handles this....

A Developer’s Stages of Grief After a Failed Security Assessment

By Jim Jastrzebski, February 13, 2017 | Secure Development
Developer's Stages of Grief

After nearly 10 years as a security consultant, I've talked to thousands of developers about remediating security flaws in their code. It's not always an easy conversation, and developers have a wide range of emotional reactions, not all of them good. The fact is, developers are increasingly responsible for quality assurance and security testing of their code, tasks that didn’t used...

AppSec Managers Should Have Empathy for Developers

By Jim Jastrzebski, February 10, 2017 | Secure Development
Empathy for developers

Developers don't always respond well to security assessments that highlight flaws in their code. With a little bit of empathy, it's not hard to understand why developers might react with frustration, annoyance, or even hostility. Security testing should be a dispassionate and routine part of the software development lifecycle – application security professionals will tell you it...

How About Some Shared Security Responsibility For Developers?

By Evan Schuman, February 9, 2017 | Security News
Developers need their fair share of code security responsibility.

With the New Year unfolding, 'tis the season to be reminded that app security has not yet arrived at the optimal state. Consider this piece from Kaspersky's Threatpost pointing out how re-used third-party libraries perpetuate security holes long after they have been discovered. For 2017, the industry needs a change in approach. AppSec is certainly getting better, but enterprise security...

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

By Suzanne Ciccone, February 9, 2017 | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It...

How DevOps Won the Super Bowl

By Mitch Horton, February 8, 2017 | Secure Development
DevOps in the Super Bowl

I wasn't able to enjoy the Super Bowl on Sunday night as I was flying home from a family funeral. I did get some updates from fellow passengers, and even though the Atlanta fans were celebrating a big lead early and the New England fans were fearing an embarrassing defeat, I knew the game would be a fight to the finish. In case you didn't see it (or if you aren't a big NFL football...

Examining Security Spend Reveals Much About Priorities

By Evan Schuman, February 7, 2017 | Security News

When it is treated as an afterthought, security can never work. When enterprises purchase and write thousands of applications without any formal app security mechanism, they are opening themselves up to breaches. What recent reports show is that there is a real disconnect between the spend on applications and the investment in protecting them. Gartner is projecting that U.S. enterprises...

Podcast: What We Expect to See at RSA 2017

By Suzanne Ciccone, February 7, 2017 | Security News

The annual RSA Conference is one of the biggest security industry events of the year and, as such, is often a “canary in the coal mine” – signaling the trends, themes and future direction of the security industry. In Episode 2 of Veracode’s AppSec in Review podcast, Brian Fitzgerald, Veracode Chief Marketing Officer, talks to Evan Schuman about what those emerging 2017 trends and themes might be....

Some Surprises in the New New York Cybersecurity Regulations

By Evan Schuman, February 2, 2017 | Security News

In the US, there exist no meaningful national cybersecurity rules, but, as a practical matter, that is likely to change this year. But it's not coming from Congress. The catalyst is new rules slated to start in March from the New York State Department of Financial Services. In financial areas, that New York department is typically mimicked by a wide range of other state regulators, along with...
