Our latest business and technology news

View: All | Press Releases | In the News | Events

In the News Feb 14 2017 Infosecurity

RSAC: Interview: Chris Wysopal, CTO & Co-Founder, Veracode

Live on RSACTV at the Moscone Center in San Francisco, Infosecurity Magazine interviewed Chris Wysopal (@WeldPond), CTO and co-founder of Veracode, about the evolution and future of the infosec industry.

Press Release Feb 09 2017

Veracode Appoints International and Channel Executives to Support Rapid Growth of Application Security Market

Tony Caine to Serve as Executive Vice President and General Manager of International Operations, Leslie Bois as Vice President, Global Channel

Press Release Jan 25 2017

Veracode Greenlight Lets Software Developers Spot Security Defects in Seconds, Without Ever Leaving Their Development Environments

New solution enables secure coding to be achieved at the speeds needed for DevOps and high-velocity software development.

Press Release Dec 20 2016

Global Survey Data Finds 40 Percent of Business are Implementing Security Testing at the Programming Stage

Independent research commissioned by Veracode highlights improvements made in secure development, as well as areas for future improvements in secure application delivery.

Press Release Nov 16 2016

Veracode Empowers Secure DevOps Environments Through Microsoft Visual Studio Team Services Extension

New plug-in allows DevOps teams to rapidly embed security into software development lifecycles.

Press Release Oct 18 2016

Veracode Report Finds Open Source Components Proliferating Digital Risk at an Alarming Rate

Veracode today released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months.

Press Release Oct 05 2016

Veracode Helps Web and Mobile Programmers Go Faster More Securely, and Passes Two Trillion Mark in Code Scanning

New Offerings Deepen Coverage for Popular Web and Mobile Languages, While Helping Users of Older Mission-Critical Applications Improve Security

Press Release Sep 29 2016

Cybersecurity Professionals Admit to Releasing Software Code Before Security Testing for Bugs

Survey data reveals that although majority of respondents feel as though their software and applications are secure, many lack the proactive, layered security programs necessary to combat today’s vulnerabilities

In the News Sep 07 2016 WGBH News

Is Voter Fraud Going High Tech?

The FBI has reportedly told election officials in Arizona and Illinois that Russian hackers are pursuing their voters list. Federal officials have sent a warning to all state election officials that there could be attempts to hack any election related networks. Veracode Co-Founder Chris Wysopal (@WeldPond) and Harvard Cyber Security Project Postdoctoral Fellow Ben Buchanan (@BuchananBen) joined Jim to discuss potential election hacking.

In the News Aug 25 2016 Battery Ventures

Veracode chosen in glassdoor “50 Highest Rated Private Cloud Companies to Work For” List

Delivering key tech infrastructure and software through the cloud is one of the biggest technology trends today, driving billions in new revenue—and also much of the tech industry’s recent M&A activity.

Press Release Jun 06 2016

New Innovations from Veracode Help Security Teams and Software Developers Protect Applications and Shorten Time to Deployment

These announcements are evidence of Veracode’s aggressive strategy to transform application security, extending it across the entire software lifecycle to reduce risk, manage compliance and shorten deployment times for secure software applications, while making secure coding practices a more seamless and positive part of the development processes. 

In the News Mar 11 2016 Associated Press

Cruz campaign updates smartphone app to fix security flaws

The campaign of Republican presidential candidate Ted Cruz updated its mobile app after an independent review found security flaws that could have allowed hackers to access personal data from users. The computer-security firm Veracode performed audits of the "Cruz Crew" app and those released by other 2016 presidential contenders at the request of The Associated Press.

In the News Mar 07 2016 Dark Reading

Automakers in the hotseat for vehicle cybersecurity

Whenever you have a supply chain and the more complicated it is, and the more individual pieces it has, the more difficult it is to do security. There are so many different parties involved: infotainment, connectivity, and they’re going with someone else to do the OS, like Apple Car Play, for example. Ford and Toyota are going with their own OSes. Who’s building the apps? [Likely] a third party. For at least three years they are going to have to deal with in-bound vulns at a rate higher than today and have to respond to them.

In the News Mar 07 2016 IDG

Is a cyber-liability insurance policy in your company's future?

Who’s going to decide when you have negligent security or good security? There are certain common sense things you need to do. The thing is codifying those common sense things – like application security best practices. I think the cyber insurance industry will help do that because they don’t want to pay out, which in turn will create a baseline for security best practices.

In the News Mar 06 2016 eWeek

Security training for developers failing to keep up with threats

Services like Veracode can help because their remediation services include consultation with coding experts so that developers see where mistakes are being made. "You need to start before you get to that point," Wysopal said. "You need to understand your application's threat model up-front, how you could be attacked, what data they might go after. Then test before you get hacked versus the threat model."

In the News Mar 02 2016 Threatpost

DROWN flaw illustrates dangers of intentionally weak crypto

Chris Eng, VP of research at Veracode, points out DROWN is the most recent, but far from the only example of intentionally crippled encryption (or backdoors) that have come back to haunt security professionals. “In the security industry there are a number of examples. That’s happened over and over again. The most recent is the Juniper backdoor and Dual EC DRBG. These (backdoors) were meant to be secrets that maybe only the maintenance staff or only a few knew about. But once that secret gets out then the good guys know it and the bad guys know it. It then takes a lot of effort to go back and patch the long tail of deployed products.”

Press Release Mar 01 2016

IDC and Veracode Study Reveals Major Concerns Over the Security of Connected Cars

Combining driver sentiment with in-depth interviews from organizations such as Fiat-Chrysler, Seat, Scania, Delphi and German industry body ADAC, new research sheds light on key questions, such as: What are the cybersecurity implications of the connected car? Who is responsible for ensuring the applications are secure? Where does product liability lie? What are the issues and approaches for personal data and privacy?

In the News Mar 01 2016 Threatpost

Car industry three years behind today’s cyberthreats

“When you think about the plans to allow customers to download apps for infotainment systems to control different environments the risks is only going to increase,” Wysopal said. “What’s going to happen when something goes wrong?” Eight-seven percent of drivers polled said car manufacturers should be liable for the safety of the car, including third-party app reliability, manufacturer apps and protection from hackers. “We have answered a lot of these questions in the smartphone world with iOS and Android,” Wysopal said. “But when it comes to automobile safety it gets much trickier.”


In the News Feb 18 2016 SC Magazine

Stack-based buffer overflow bug found in glibc

Like Heartbleed and Shellshock before it, the glibc vulnerability reinforces the reality that using components in the application development lifecycle introduces risk. ...our software is constructed like Legos, relying on components rather than coding. This is why it's important to have complete visibility into all of the components development team are using, as well as the versions being used to ensure they can quickly patch and/or update the component version when a new vulnerability is disclosed.

In the News Feb 17 2016 Re/code

Can CNAP succeed without building on past lessons in safety?

For decades, cities were built and developed with functionality and convenience in mind. It wasn’t until the Great Chicago Fire destroyed an entire city and cost the lives of hundreds of people did cities begin creating fire codes. They realized there was diminishing returns on building more fire stations. The buildings themselves needed to become more fireproof. Like a rapidly growing city, we’ve built our applications quickly and without regard for the fact they exist in a hostile environment. Every application that holds valuable data will be attacked, just like every car will drive on a slippery road and every person will be exposed to pathogens. We have to stop pretending we can keep the bad guys from attacking the code that protects our data.

In the News Feb 10 2016 Dark Reading

Simplifying Application Security: 4 Steps

Fortunately, the path to writing and deploying secure applications is not as hard as it’s made out to be. Any company can go from having an ad-hoc approach to having an advanced program, regardless of the number of applications that need securing.

In the News Feb 08 2016 SC Magazine

£4bn investment for NHS digital transformation

The raise in healthcare mobile applications could cause headaches for the government. That's why it's vital that all applications which access confidential data are fully tested and protected from vulnerabilities which could be an easy target for cyber-criminals wishing to damage the NHS or profit from the wealth of sensitive data it holds.

In the News Feb 08 2016 eSecurity Planet

5 Best Practices for Reducing Third-Party Security Risks

Any vendor should be able show proof that they conduct code reviews on any applications that touch your applications. “If they say, 'No, we don't do that,' or 'We don't share results on our internal security,' they probably do, and they're just trying to make you go away," said Chris Wysopal, CTO for Veracode. "One of the things we've learned is that if you push hard enough, they say, 'Yeah, you're right. We have had a third-party audit, and we can show you the results.'"

In the News Feb 08 2016 CBR Online

Why moving to cloud and mobile might be a security advantage

Veracode’s Sam King comments that the strategic benefits of cloud and mobile adoption within organizations means that security professionals no longer have fight to be heard in their firms. "They don't have to convince anybody that there's something they have to be concerned about when you've got an application and you're retailing it through another person, like Apple iTunes or Google Play or what have you.” 



contact menu