News

Our latest business and technology news


In the News Jun 15 2017 TechTarget

Everything you need to know -- and love -- about testing microservices

How is testing microservices going to come about, and what is it all going to mean? At DevOps Days Stockholm, Veracode engineer and speaker Peter Chestna (@PeteChestna) presented an argument for the concept of the full-spectrum engineer, a reincarnation of the current full-stack engineer.

In the News Jun 14 2017 Infosecurity

Security and Development Teams Collaborate on Apps

Security teams and developers are more aligned and capable of taking a collaborative approach than many in the industry believe, according to a new study from Veracode.

In the News Jun 14 2017 IT Pro

Gloucester City Council fined £100,000 over Heartbleed hack

"The latest fine imposed by the ICO is an unfortunate outcome for this public body. Vendors like Veracode in 2014 were offering free scans, with no strings attached. The council officials could have protected the 30,000 leaked email records without incurring any additional cost burden," said Veracode's Paul Farrington (@pfarrington_tm).

In the News Jun 14 2017 Dark Reading

Survey: 58% of Security and Development Teams Play Nice

Despite frequent talk of tension between software development and security teams, it turns out more than half of organizations surveyed have these two groups collaborating.

In the News Jun 13 2017 Quartz

The “Internet of Things” is way more vulnerable than you think—and not just to hackers

"The problem is that the healthcare industry, which is rushing headlong into the IoT, has a bad track record when it comes to cyber security. BitSight, a Boston firm that ranks companies for their level of cybersecurity, compared five industries: health care, finance, retail, utilities, and federal agencies. Health care, represented by 2,500 companies in the survey, placed dead last. Veracode, another Boston cyber company, also looked at five industries, but with a different metric. It asked what percentage of known vulnerabilities in software were fixed. In manufacturing, over 80 percent of the problems had been addressed. In medicine, it was half that number. In fact, more than three quarters of all medical software applications currently in use have a known vulnerability."

In the News Jun 07 2017 DZone

Developers: Automate and Apply Intelligence to Thrive

Developers have the opportunity to change the world with Artificial Intelligence. Learn how CA's suite of products is helping clients. It was great talking with Ayman Sayed, Chief Product Officer at CA Technologies during the Build to Change Summit.

In the News May 22 2017 bobsguide

The New York DFS cybersecurity regulations: Non-compliance is not an option

"While far from revolutionary, the NYDFS regulations present an interesting opportunity for New York’s financial services industry to become a golden beacon of best practice for introducing and maintaining a secure culture in their organisation. These new standards are the first of many that, in time, we hope, will put to bed the routine box-ticking cybersecurity exercises that ultimately leave organisations uncompliant and at a greater cyber risk," writes Colin Domoney (@colindomoney), Consultant Solution Architect, Veracode.

In the News May 15 2017 New York Times

How to Protect Yourself From Ransomware Attacks

A decade-old form of malicious software known as ransomware has been making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide. Ransomware, which is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. The global cyberattack has affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany and Britain.

In the News May 14 2017 Wall Street Journal

Ransomware Hack Exploited Human Error

The global cyberattack that crippled computers around the world combined elite hacking tools with a particularly devastating form of malicious software known as ransomware. But there was another factor that helped turn the outbreak into one of the nastiest computer infections ever: human fallibility.

In the News May 13 2017 Reuters

Global cyber attack fuels concern about U.S. vulnerability disclosures

A global cyber attack on Friday renewed concerns about whether the U.S. National Security Agency and other countries' intelligence services too often hoard software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.

In the News May 12 2017 The Parallax

Trump’s cybersecurity order not likely to have a major impact, experts say

After months of rumors and leaked drafts, and amid another week of White House controversy that included the firing of FBI Director James Comey, President Donald Trump signed an executive order on cybersecurity.

In the News May 12 2017 The Daily Mail

Ninety-nine countries are hit by 75,000 attacks using NSA superweapon dubbed the 'atom bomb of malware' stolen by mysterious hacking collective called 'The Shadow Brokers'

A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.

In the News May 11 2017 Dark Reading

What Developers Don't Know About Security Can Hurt You

Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset. More from Veracode's Director of Developer Engagement Peter Chestna (@PeteChestna).

In the News May 09 2017 DevOps.com

Get Ready to Become a Full-Spectrum Engineer

DevOps has ushered in a new trend. Teams are moving from batched releases of functionality to single-piece flow. In other words, we no longer think about collecting the work of multiple engineers over multiple sprints into a release. Our ability to bring value to the customer as soon as possible and out-innovate the competition will be driven by releasing the work of a single engineer as soon as it is ready. This typically is accomplished through a continuous integration/continuous delivery (CI/CD) pipeline directly from the source repository through automated testing and finally deployment into production, preferably without any human intervention. What does this mean for developers? Plenty. In this piece, Pete Chestna (@PeteChestna) takes a look at the major capabilities needed by software engineers who want to thrive as full-spectrum engineers (FSEs).

In the News Apr 28 2017 CSO

Latest OWASP Top 10 looks at APIs, web apps

The new release of the OWASP Top 10 list is out for public comment from the Open Web Application Security Project, and while most of it remains the same, there are a couple of new additions, focusing on protections for web applications and APIs. To make room for the new items, a couple of older ones were either removed or merged into new items. Chris Eng, vice president of research at Veracode, pointed out the addition of API protections to the list was redundant. "There’s really no need to create a new category for APIs," he said. "If there were a new and prevalent class of vulnerabilities unique to APIs then it would make sense to highlight. Otherwise, the repetition is only going to be confusing."

In the News Apr 27 2017 Dark Reading

OWASP Top 10 Update: Is It Helping to Create More Secure Applications?

What has not been updated in the new OWASP Top 10 list is almost more significant than what has. More from Chris Eng (@chriseng), vice president of research, Veracode.

In the News Apr 26 2017 TechTarget

DevSecOps, or how to build safer software so much faster

DevSecOps is an effort to bring security into the mix. DevOps is hard to do and security is harder. But at a time when security breaches continue to dominate the headlines, there's no question that security and DevOps need to come together. The only issues are when and how. We asked experts at the intersection of DevOps and security for their best advice on trying DevSecOps. Peter Chestna, Director of Developer Engagement at Veracode, states, "Developers aren't trained in security. So simply educating developers in the basics of security will go a long way."


In the News Apr 24 2017 DZone

The Biggest Change to Java

While some Java features can lie dormant for years before being popularized, Java 8's functional additions have sparked widespread adoption. To gather insights on the state of the Java ecosystem today, we spoke to nine executives who are familiar with the ecosystem. We asked these experienced Java professionals "What have been the most significant changes to the Java ecosystem in the past year?" 

In the News Apr 18 2017 TechTarget

Shadow Brokers' Windows exploits target unsupported systems

A new release of NSA cyberweapons falls flat as Windows exploits from the Shadow Brokers have mostly been patched, but unsupported systems are still at risk. Chris Wysopal, CTO and co-founder of Veracode, said the timing of the release "was well designed." "Some of the exploits are for Windows Vista which was just end-of-lifed on Tuesday [last] week. This means they may never get patches for the vulnerabilities," Wysopal told SearchSecurity.


In the News Apr 12 2017 Information Security Buzz

Microsoft Word Zero-Day Vulnerability

Following the news that a new zero-day vulnerability affecting all supported versions of Microsoft Word has been uncovered and is already being used to launch attacks, Paul Farrington, Manager, EMEA Solution Architects at Veracode, comments: "the Microsoft engineers will not only need to devise a patch for this vulnerability, but also to remodel their threat assessment of this type of file interaction. They will need to make the opening of untrusted Word documents a viable option once again, else a major benefit of this word processing software would be seriously weakened."

In the News Apr 11 2017 Enterprise Times

Microsoft Word hit by zero-day vulnerability

FireEye Labs has warned of a zero-day vulnerability affecting Microsoft Word. The warning came in a blog by Threat Researcher Genwei Jiang. In the blog, Jiang says FireEye alerted Microsoft to the vulnerability a few weeks ago and that Microsoft was already working towards a fix. At first glance this seems like just another attack that can be quickly patched and resolved. However, Paul Farrington, Manager, EMEA Solution Architects, Veracode, a company recently acquired by CA, says it is much more serious than that.

In the News Apr 11 2017 Forbes

Why The Application Travelator Needs More Handrails