Developers tend to get thrown under the bus when it comes to application security, but recent data shows that developers do, in fact, care about security. Take mitigation for example. Developers don’t try to rig the system by rejecting findings as false positives or as mitigated by design. Developers documented mitigations for just 14.4 percent of all flaws found by CA Veracode’s platform in the past year.
Much has changed in software security over the last year. Nation state-directed attacks demonstrated the significant danger posed by software vulnerabilities and raised the pressure on developers to secure their software. Attackers used exploits leaked from the National Security Agency (NSA), for example, to spread ransomware, including the costly WannaCry and NotPetya attacks.
Chris Wysopal, CTO for the CA Veracode portfolio of security testing tools CA Technologies acquired last year, said the survey results make it clear many organizations are still wrestling with the concept of DevSecOps. Many of them may be far along the path to building a culture around DevOps, but more often than not, security teams haven’t been included in those processes, says Wysopal.
It’s being reported that a hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press. The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website.
It has been reported by that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility.
When discussing the lack of women in technology fields, the conversation generally starts around basic questions: What is it about tech fields that discourages women from participating, and what can people in the field do to attain a better balance?
Schneider Electric accidentally puts malware online that could shut down power plants. Nation state authored malware has been mistakenly put online that could enable hackers to compromise safety systems at power plants.
It’s amazing when you watch a lightbulb moment happen – especially when you’ve spent a great deal of your professional live devoted to it. Read more from CA Veracode's Chris Wysopal (@WeldPond).
Security researchers have discovered a flaw in the AMD PSP (Platform Security Processor), which could enable hackers to execute code in a security module that stores data such as passwords, certificates, and encryption keys.
Chances that a fix to a major microchip security flaw may slow down or crash some computer systems are leading some businesses to hold off installing software patches, fearing the cure may be worse than the original problem.
Developers aren't choosing to ignore security issues - they don't have the skills or resources to create secure code due to a critical deficit in developer security training, especially how to manage vulnerable components effectively.
Google has come forward to claim responsibility for discovering a pair of serious security holes in Intel processors that run almost 9 in 10 computers in the world. And worse: the company has echoed a statement by Intel yesterday that the flaws are not specific to that company’s chips.
If there's something of a déjà vu-like quality to vendor and analyst reports summing up the state of Web application security these days its because they all inevitably arrive at the same conclusion: Web apps are becoming more insecure, not less.
Which web risks are new, which are the same as four years ago? And where the problem lies, explains Julian Totzek-Hallhuber, Solution Architect at application security expert CA Veracode.
The speed of open source deployment by enterprises everywhere puts software security into question.
CA Veracode's Joe Pelletier (@joepelletier) shares three best practices to secure your website for the coming retail boom.
Year after year businesses face challenges when it comes to security, and 2017 was no different. Instead of trying to lecture the industry about the importance of application security testing, organizations tried to find new ways to bring security front and center.
A recent study by CA Veracode revealed that only 14% of high severity vulnerabilities are fixed in less than 30 days, which drives the conclusion that 86% take longer than 30 days.
CA Veracode has made great strides transitioning from a chiefly direct sales model to a partner-led business within the space of 12 months.
Only 28 percent of business leaders have heard of the Equifax breach, just 31 percent are aware of the 2014 eBay data breach, and just 34 percent have heard of WannaCry ransomware, a recent CA Veracode survey of 1,403 business leaders in the U.S., the U.K. and Germany found.
The application security headlines of the year 2017 seemed like more of the same grim news, but some AppSec trends are reasons to be hopeful.
According to a new survey from CA Veracode, breach awareness regarding recent major cyber incidents was low among executives, managers and directors, surprising some experts.
CA Veracode today released research revealing the large gap between software creation and software security, outpacing the urgency to secure the process. The security company’s report ‘Securing the Digital Economy’ highlights how investment in software and digital transformation is moving fast, with around one in five business leaders indicating that their software budget which supports digital transformation projects has increased by more than 50% over the past three years.
A shocking revelation of cybersecurity ignorance among UK business leaders has shown that as many as a quarter do not understand common cyberattacks. Ransomware and phishing are among basic attack variants that UK business leaders are in the dark about, proving that even major, global data breaches are not enough to capture the attention of all. Spending has been increasing across the board as organisations pursue digital transformation, but this has not prompted UK business leaders to learn more about the risks involved.