Our latest business and technology news


In the News Aug 08 2018 Infosecurity Magazine

#BHUSA18: People are the Key to a Security Company

The future of cybersecurity product development relies on having a good idea, and the networking skills to gain feedback, interest customers and attract great employees, CA Veracode CTO Chris Wysopal said in a presentation during Black Hat 2018.


In the News Aug 07 2018 CRN

Black Hat 2018: 6 Execs On What The Boardroom Overlooks Around Cybersecurity Strategy

CRN asks six security CEOs and technical leaders attending Black Hat 2018 what areas of cybersecurity need to receive more attention in the Boardroom. Read why CA Veracode Vice President of Research Chris Eng believes boards need to be more aware of the risks of breaches resulting from code originating in open-source libraries. 

In the News Aug 06 2018 CSO

Blockchain only as strong as its weakest link

In his latest column for CSO, CA Veracode CTO Chris Wysopal spells out why the blockchain isn't completely secure - the software components interacting with it are written in code, and most software code has bugs and vulnerabilities. Here's how to begin fixing the vulnerabilities. 

In the News Jul 16 2018 CSO

5 ways to hack blockchain in the enterprise

Blockchain may hold tremendous promise for enterprises, but it's also vulnerable to a variety of attacks. CA Veracode CTO Chris Wysopal and other experts detail the risks in CSO. 

In the News Jul 09 2018 Threatpost

How to Solve the Developer vs. Cybersecurity Team Battle

CA Veracode's Chris Eng tackles how companies can bridge the divide between software developers and cybersecurity teams to bring to market reliable and secure applications in a contributed article in Threatpost.

In the News Jul 05 2018

Nearly 5 out of 10 application developers do not update components when there is a vulnerability

A study commissioned by CA Veracode reveals that 83% of developers use commercial or open source components in their creations.

In the News Jul 05 2018 Security Boulevard

A Closer Look at Security’s Role in a DevSecOps Organization

In a detailed overview of a talk about implementing DevSecOps in an organization, CA Veracode CTO Chris Wysopal tackles an important, practical question head-on: If AppSec is shifting left, and the responsibility of testing security now belongs to developers, what does this mean for the security team?

In the News Jun 19 2018 Washington Post

Hackers stole federal workers' information four years ago. Now we know what criminals did with it.

Chris Wysopal, chief technology officer at the cybersecurity firm CA Veracode, said the information may have surfaced on the dark web, where criminals could have purchased it for as little as $20 to $30. He said there must have been a “telltale sign” that enabled investigators to confirm that it came from the OPM breach and not another data compromise.

In the News Jun 19 2018

Veracode, the point on application security

Some data from the SOSS (State of Software Security) Report show that organizations doing testing and rehabilitation are prioritizing the worst vulnerabilities, reducing the density of defects in the high and very high severity range; nevertheless, only 14% of the most serious defects are resolved in less than a month, while almost 12% of applications have at least one high or very high severity defect.

In the News Jun 18 2018 The Register

'90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years

It has been 20 years since Chris Wysopal (AKA Weld Pond) and his colleagues at the Boston-based L0pht hacker collective famously testified before the US Senate that the internet was hopelessly insecure.

In the News Jun 15 2018 CSO

Keeping the Stars and Stripes Secure

Some of the most pressing threats to our national security are found not in the physical world, but in cyberspace. It's past time for our nation to adapt to the changing landscape and bring our security infrastructure up to speed.

In the News Jun 15 2018

Open source components, without adequate security attention

"Developers are concerned about creating quality code, and that means creating secure code," says Pete Chestna, director of relationship with developers, CA Veracode. "To be successful, developers must have a clear understanding of security policies and must have the tools to measure them. When the objective is clear and we give them access to these tools, they are able to integrate the scan in the early stages of the life cycle of software development and can make informed decisions that take safety into account, and as a result, we are seeing a significant improvement in the development of secure software and the resulting products."

In the News Jun 14 2018 IT

Cyber Attacks & IT Security

"We see that IT security must fundamentally change," explains Julian Totzek-Hallhuber, Solution Architect at Veracode. "Organizations today use a wide variety of applications across multiple business units, but these self-developed or purchased applications continue to have vulnerabilities that allow cybercriminals to attack and cause great damage."

In the News Jun 12 2018

Making DevOps a Reality- Bringing in Security: Top 4 Topics

I caught up with Maria Loughlin, vice president of engineering at CA Veracode; Chris Eng, vice president of research at CA Veracode; and Alan Shimel, CEO of, to talk more about their recent panel webinar on bringing in security to make DevOps a reality. It was enlightening to hear their perspectives on how companies can build security into their culture so that it permeates the development process. Many enterprises have realized that with the continuing popularity of DevOps comes the possibility of creating an environment that allows software vulnerabilities. In truth, more teams are integrating security testing into their development processes.

In the News Jun 11 2018 CIO Review

Scaling Your Application Security Program

We now live in a world where software applications are omnipresent. The world’s largest enterprises are increasingly finding themselves in the software business. It doesn’t matter what their end products are, they are building Web applications, mobile apps and other software for their products and this software is becoming a key interaction point between brands and their customers and partners. According to a recent McKinsey study, it is now widely accepted that innovation isn’t optional, and that utilizing new software technologies is a prerequisite to success in virtually all industries.

In the News Jun 08 2018 Digitalisation World

Disruptive display

The latest addition to the CA Security portfolio, CA Veracode SourceClear is a SaaS-based software composition analysis tool which relies on a unique vulnerability database that goes beyond the National Vulnerability Database (NVD) and vulnerable methods technology to increase the actionability of static composition analysis (SCA) results. Unique to CA, the combination of CA Veracode and CA Veracode SourceClear offerings enable organisations to use open source libraries to accelerate software development without adding unmanaged risk to support the DevSecOps movement.

In the News Jun 08 2018 ITBusinessEdge

Securing DevOps Without Undermining It

Everybody wants to do DevOps right, and part of that equation is making sure applications and services remain secure even as development and integration transition to a continuous workflow model.

In the News Jun 01 2018 Bleeping Computer

OMB Releases Damning Report on U.S. Govt's Inability to Counter Cyber Threats

The United States' Office of Management and Budget (OMB) oversees the implementation of the president’s objectives in the areas of policy, budget, management and regulation. To that end, the recent government-wide cybersecurity risk assessment, carried out by the OMB, in coordination with the Department of Homeland Security (DHS), highlights several serious issues that continue to imperil federal cybersecurity and ultimately put the nation at risk.

In the News May 31 2018 TEISS

RSA SPECIAL: Can governments stay cyber safe?

TEISS caught up with Chris Wysopal, CTO at CA Veracode at RSA 2018 for his thoughts on elections, hacking and whether we should still trust the system…

In the News May 31 2018 TEISS

RSA SPECIAL: Hacking and elections

What has been done since 2016 to secure our voting systems for the next major election? What needs to be done? What is our reality check when it comes to the risks global vulnerabilities pose? TEISS caught up with Chris Wysopal, CTO at Veracode at RSA 2018 for his thoughts on elections, hacking and whether we can still trust the system…

In the News May 30 2018 Wired

The Bleak State of Federal Government Cybersecurity

"One thing they seem to have kind of punted on is the whole legacy tech modernization issue," Veracode's Wysopal notes. "And to me that’s probably the biggest and most important issue. Agencies are using five different versions of Windows going back 10 years, running multiple versions of things like Java and Flash, and their email is a huge mess. You’re never going to be able to hire enough personnel to manage all that risk without simplifying and standardizing."

In the News May 30 2018 Threatpost

Bug In Git Opens Developers Systems Up To Attack

“These are tricky vulnerabilities that will require the Git hosting services to patch, but also individual developers who are using the tool,” said Tim Jarrett, senior director of security, CA Veracode.

In the News May 25 2018 Dev Insider (DEU)

Lack of vulnerability analysis in companies - Little attention to external code components

In a recent CA Veracode study, 93 percent of respondents said they used external code components. More and more commercial and open source components are used in software development. When a vulnerability becomes known, however, only about half of the developers update these code components, according to a CA Veracode study.

In the News May 24 2018 The Parallax

20 years on, L0pht hackers return to D.C. with dire warnings

It was not the usual Congressional scene in room 2237 of the Rayburn House Office Building on Tuesday afternoon. More people in the audience than usual had hair dyed pink or green, and opted for T-shirts instead of button-down attire. And the name tags on the table in front of the room sported an unusual set of monikers: Kingpin, Mudge, Weld Pond, and Space Rogue. The occasion was a reunion of four members of the hacking collective L0pht Heavy Industries, organized by the Congressional Internet Caucus Academy and the Senate Cybersecurity Caucus, almost 20 years after L0pht members warned of rampant insecurity online in the Senate’s first cybersecurity hearing.

In the News May 23 2018 Washington Post

The Cybersecurity 202: These hackers warned Congress the internet was not secure. 20 years later, their message is the same.

Twenty years ago this week, a collective of young hackers came to Washington with a warning for Congress: Software and computer networks everywhere were woefully insecure. During that now-infamous hearing in May 1998, one told senators that “any of the seven individuals seated before you” could take down the Internet in just half an hour.


