News

Our latest business and technology news

View: All | Press Releases | In the News | Events

In the News Nov 28 2017 The Hill

9 in 10 firms also failed to patch software that sunk Equifax

More than 90 percent of applications using the same computer programming library that, left unpatched, lead to the Equifax data breach also fail to keep the software up to date, reports the security firm CA Veracode.

In the News Nov 28 2017 TechBeacon

Will GitHub's dependency graph move the needle on app sec?

Software developers are depending more and more on third-party code, or dependencies, when forging their applications. Rather than reinvent the wheel for tasks such as logging and authentication, developers often deploy open-source code. That can can create security problems for software writers, as the recent mammoth breach at credit services company Equifax illustrated.

In the News Nov 28 2017 Information Security Buzz

Government Announces Plans For Cybersecurity Skills Investment In Industrial Strategy

The government has just announced a new strategy for industry that aims to tackle weak productivity and bolster businesses to counter any new problems caused by Brexit. The strategy highlights the need for improving digital skills especially in cybersecurity. Paul Farrington, Manager- EMEA Solution Architects at Veracode commented.

In the News Nov 28 2017 Dark Reading

Developers Can Do More to Up Their Security Game: Report

Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says. Data from a new study suggests that there are several measures developers can take to accelerate the adoption of formalized application security practices at their organizations.

In the News Nov 28 2017 SD Times

Report: Developers aren’t to blame for security issues

The idea that developers don’t care about application security is a myth. A recently released report found that not only do developers take application security seriously, they take the time to find and fix vulnerabilities in their applications.

In the News Nov 28 2017 Developer

How can developers improve software security? Move to DevSecOps and ‘think like an attacker’

Developers today frequently find themselves between a rock and a hard place. The business may not place security at the top of its priorities, but we all know how vital it is – and in today’s agile and DevOps working environments, developers cannot afford to finish applications and then leave the tidying up to the security team.

A new report from CA Veracode issued today argues that while developers do care about security, and are getting better at it, more work still needs to be done – including to ‘think like an attacker.’

In the News Nov 27 2017 LeMagIT

CA Technologies realizes its modern software factory

On the developer side, Veracode's solution comes in Veracode Greenlight , a plugin for the most common development environments (Eclipse, Visual Studio, etc.). It retrieves the code compiled on the water on the developer's machine and sends it to the Veracode SaaS service, whose function is to check that security breaches have not been inadvertently inserted. When this is the case, the plugin immediately reports it to the developer, highlighting the flaw in the code being written and displaying, on the right side of the screen, a known means to correct it.

In the News Nov 22 2017 IDG Connect

Could WikiLeaks dumping CIA code create the next WannaCry or NotPetya?

In an age of nation-state level cyberwarfare, countries with the best hacking tools are the new military powers. The US has been aggressive in efforts to find new and powerful vulnerabilities to exploit, and slow in disclosing them to technology vendors. But it has also not been effective in keeping those secrets from falling into the hands of hackers such as the Shadow Brokers and whistle-blower sites such as WikiLeaks and the Intercept.

In the News Nov 20 2017 Help Net Security

Chris Eng: An infosec journey from offense to defense

“Come to my lab, I promise you’ll learn something cool,” a friend told Chris Eng. Within a couple of hours, he had walked him through writing an exploit for an obscure Linux bug, and Eng was hooked on the idea that one could leverage a programming error to gain root privileges on the system.

In the News Nov 20 2017 Security-Insider

Application security in times of Microservices

The development of microservices, instead of monolithic applications, can pay off in the long run. In terms of application security, however, there are some challenges, warns CA Veracode. Once a company has created the structures to consistently develop microservices, there are a number of advantages. For example, microservices can be used multiple times in different applications. Instead of, for example, developing four apps each with its own payment processing system, the component is programmed only once and used by several applications. This also results in easier maintenance: if part of the solution is outdated or malfunctions occur, only a small service needs to be updated or replaced. Compared to monolithic software this is a big advantage, because even the smallest changes can have unpredictable effects.

In the News Nov 20 2017 International Business Times UK

Rogue hackers and hostile states could 'kill millions' using hijacked cars

Rogue hackers or hostile states could "kill millions" using hijacked cars, and a spike in road deaths is inevitable if manufacturers do not rush to solve cybersecurity issues, an expert has warned.

In the News Nov 17 2017 SD Times

CA Technologies focuses on the Modern Software Factory at CA World

CA Veracode makes checks throughout the development pipeline to ensure that security testing is a focus of the development process.

In the News Nov 16 2017 ZDNet

CA Technologies plots big bet on DevSecOps

Veracode Greenlight, which is available as a free trial to boost development speed and quality.

In the News Nov 16 2017 DevOps Online

Veracode discusses gender imbalance in the tech industry

Yesterday at CA World, Las Vegas, Sam King, chief strategy officer at Veracode, spoke to DevOps Online Journalist, Leah Alger, about gender imbalance in the tech scene of today

In the News Nov 14 2017 SD Times

Report: Majority of Java apps are susceptible to hack attacks

Java developers should be more aware of the open source software components they put in their applications if they want to avoid a security breach. A new report release by CA Veracode revealed 88% of Java apps include at least one vulnerable component, and about 53.3% of Java apps rely on a vulnerable version of the Commons Collections components.

In the News Nov 13 2017 Computerworld

Data leakage is major failure of 65.8% of web applications, says research

While data security investments prove crucial to businesses, as evidenced by recent cyber attacks that have hijacked sensitive information from users around the world, applications are no longer secure today than they were a decade ago. This is revealed by Veracode, a software security company recently acquired by CA Technologies. The survey, for which 1,400 companies were evaluated, reveals that at least one failure was found in the initial tests of 77% of the reviewed apps and 25% of the sites contain at least one serious vulnerability.

In the News Nov 13 2017 CSO

Application security: what’s working

There are a lot of ways that companies are missing the mark on AppSec, but there are a lot of ways they aren’t, and we can learn a lot from those that are doing it right.

In the News Nov 08 2017 ADT Magazine

Java Developers Aren’t Applying Security Patches, Report Finds

Application security vendor Veracode has released the "2017 State of Software Security Report," and the results paint an unflattering picture of Java developers. An alarming 88 percent of Java applications contain at least one vulnerable component, the report's authors found. Why? Developers don't patch components in production once vulnerabilities are found and new versions of those components are released.

In the News Nov 08 2017 SearchSecurity.de

DevSecOps: Security for developers and IT operations

DevSecOps combines application security and DevOps. With this approach, IT security is included in the software development and software lifecycle right from the start. More from CA Veracode's Julian Totzek-Hallhuber.  

In the News Nov 07 2017 Infosecurity

Interview: Sam King, SVP and General Manager, Veracode

Software and application security vendor Veracode has gone through a re-brand and a change of leadership, and Infosecurity recently met with SVP and general manager Sam King to learn all about it...

In the News Nov 06 2017 DevOps.com

DevOps in the Age of Digital Transformation

Digital transformation is one of the hottest buzzwords in the technology industry today. While it tends to be overused, the term does represent a widespread, ongoing movement that will set a standard for the next generation of enterprises. More from CA Veracode's Pete Chestna (@PeteChestna).

In the News Nov 02 2017 Storage Insider

8 things you now need to know about GDPR

On 25 May 2018, the transitional period for the European Data Protection Regulation (EU GDPR) ends. This will make data protection rules much more stringent for businesses and governments. Many previous data protection measures must be questioned, updated or expanded.

In the News Nov 02 2017 TechBeacon

Secure DevOps: What's in it for dev, sec and ops?

Pete Chestna (@PeteChestna), the director of developer engagement at CA Veracode, puts it all together by boiling down secure DevOps transformation to five key steps. Successful teams engage in automated software testing, integrate security early to fail quickly, avoid generating false alarms, appoint security champions within teams, and maintain operational visibility at all times.

In the News Nov 02 2017 Silicon

Cyber ​​Security: Dance on the volcano

In the year 79 AD, the citizens of Pompeii and Herculaneum thought that the smaller earthquakes they noticed were due to angry gods. They lacked the knowledge to interpret it as a warning of the imminent, devastating eruption of Mount Vesuvius. We should not make a similar mistake about cyber security.

In the News Oct 31 2017 IT-Daily

The 10 Scariest Vulnerabilities

The results of Veracode's State of Software Security report are alarming: 88 percent of Java applications contain at least one component that makes them vulnerable to cyber-attacks. The reason for this is the lack of visibility and management of open source components in enterprise applications.

 

 

contact menu