In the News

In the News Apr 10 2018 IT Pro Portal

Developers aren't patching open-source vulnerabilities

Organisations often unaware of the inherent security risk of using third-party components in their applications.

In the News Apr 09 2018 DevOps Online

DevOps and the need for security to shift left

Shift left testing is an increasingly popular approach to testing applications and software, where the testing is generally performed earlier in the development project timeline (hence ‘shifted left’) and is a fundamental aspect of the DevOps approach.

In the News Apr 09 2018 Fortune

Exclusive: CA Technologies Is Buying a Startup to Bolster App Security

“There is a lot of inherent risk in leveraging open source libraries to assemble software,” said Sam King, general manager for CA Technologies’ Veracode unit, SourceClear’s new home which specializes in application security, in a statement emailed to Fortune. One recent consequence of that risk: last year’s Equifax data breach, which was caused by the big three credit bureau using a vulnerable version of Apache Struts, a popular open source software project.

In the News Apr 02 2018 CSO

Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

In the News Mar 26 2018 Security Insider (Germany)

Causes of a lack of application security

Web applications through which companies interact with their customers or prospects play a central role in many industries today. Personal data is often used to initiate and process contracts. Yet application security is often lacking. Compulsory tests in the development process of such apps are omitted, even though cyber criminals repeatedly discover new gaps in Java libraries and other code snippets. After all, 88 percent of Java applications contain at least one component that makes them vulnerable to cyber attacks. This was the result of the State of Software Security Report 2017 (SoSS Report) by CA Veracode. The report provides unique insights into application security status from more than 1,400 customers based on data and software scans.

In the News Mar 26 2018 Security Boulevard

6 Tricky Obstacles Security Teams Face in GDPR Compliance

The European Union’s General Data Protection Regulation (GDPR) takes effect May 25 and the penalties are stiff for failing to comply. Many are still unsure whether their companies are safely out of harm’s way. The regulation is long and full of terrors, to be sure. However, resistance is futile.

In the News Mar 21 2018 Search Security

Firefox bug exposes passwords to brute force -- for nine years

A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.

In the News Mar 21 2018 Search Security

Human error still poses a significant cloud security risk

Even with the most sophisticated cloud security tools in play, human error -- both from end users and IT teams -- can open up your enterprise to numerous kinds of attacks.

In the News Mar 21 2018 SD Times

CA Veracode announces evolution of CA Veracode Verified

CA Veracode has announced the expansion of CA Veracode Verified, which provides third-party validation to a company’s software development process. According to the company, 30 percent of security breaches are a result of problems in the application layer, so software purchasers are now wanting more insight into what software they are buying.

In the News Mar 20 2018 IDG Connect

Testing the waters: The value of ethical hacking for business

Paul Farrington, Manager: EMEA Solution Architects at CA Veracode, says that, with the 2017 State of Software Security report demonstrating that 77 percent of applications have at least one vulnerability on initial scan, it is not surprising that large organizations, such as Google and Apple, are setting up their own bug bounty programs, which employ or incentivize ethical hackers to find vulnerabilities in their software applications.

In the News Mar 19 2018 SDxCentral

CA Veracode Validates Application Security, DevOps Processes

Application security company CA Veracode was acquired last year by CA Technologies and became a business unit within CA. Now, the company has released CA Veracode Verified, a new program that provides third-party validation of a company’s security software and DevOps process.

In the News Mar 15 2018 TechTarget

Use the right DevSecOps tools for more secure development

Making applications safer requires more than just new tools; it also requires a cultural shift. DevSecOps is an effort to shift security left. Here's how to get started.

In the News Mar 15 2018 Professional Security

Cyber and IoT safety and resilience

Increasing the connectivity between physical and digital systems brings with it increased risks. So says Nick Jennings, Imperial College London Professor of Artificial Intelligence and Vice-Provost and the UK Government’s former Chief Scientific Advisor for National Security, in a foreword to a Royal Academy of Engineering report on cyber safety and resilience. He called for work to investigate measures needed to strengthen the safety and resilience of all connected systems, ‘particularly critical infrastructure that society now depends so much on’.

In the News Mar 13 2018 IT-Daily (Germany)

Avoidable errors in application security

The activities of IT security often do not achieve the desired results. It is a truism that good advice is expensive in such cases, because it is often relatively simple things that hamper the efficient implementation of a security strategy. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, mentions five avoidable application security bugs.

In the News Mar 13 2018 SC Magazine

What the Trump Administration Can Do to Boost Software and IoT Security

Last May, President Trump ordered his administration to come up with a plan for securing the U.S. government and the nation's infrastructure from cyberattacks that threaten the country's economy and national security.

In the News Mar 08 2018 SearchSecurity.de

Measures for better application security

Application security often leads a niche existence. Most people mistakenly see it as a problem for developers, when it is a matter for the entire company.

In the News Mar 08 2018 Manage IT (Germany)

5 avoidable errors in application security

The activities of IT security often do not achieve the desired results. It is a truism that good advice is expensive in such cases, because it is often relatively simple things that hamper the efficient implementation of a security strategy. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, mentions five avoidable application security bugs.

In the News Mar 06 2018 SC Magazine

Spring break vulnerability jeopardises Pivotal Spring projects

A remote code execution flaw, dubbed Spring Break, affects various Pivotal Spring projects and could allow an attacker to run arbitrary commands on any machine running applications built using Spring Data REST.

In the News Mar 06 2018 IT-Daily (Germany)

New RCE vulnerability: "Spring Break"

"The recently discovered 'Spring Break' vulnerability is a Remote Code Execution (RCE) security vulnerability that needs immediate attention and is another example of the immense challenges companies face." Comment by Julian Totzek-Hallhuber, Principal Solution Architect at CA Veracode.

In the News Mar 05 2018 Computer Weekly

Spring Break flaw shows cross-industry collaboration

A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update.

In the News Mar 05 2018 Computing

Security researchers identify new vulnerability affecting Pivotal Spring projects

Researchers imaginatively dub the new vulnerability "Spring Break"

In the News Mar 05 2018 Slate

Why is America letting Russia get away with meddling in our democracy?

Chris Wysopal, CTO of CA Veracode, a leading cybersecurity company, offers a more moderate option—slowing the computers down. “We could make the computers suffer hard-drive failures, keeping the operators so busy they couldn’t do much else,” Wysopal told me. “This is easy to do, and it would send a message: We can get to you, just like you can get to us, and we can step this up several notches”—for instance, fry the computers, as Clarke suggests—“if you don’t stop.”

In the News Mar 05 2018 Information Security Buzz

CA Veracode On “Spring Break” New Vulnerability For Web Apps

In response to the news of the new “Spring Break” critical remote code execution (RCE) vulnerability, which is affecting Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications, Chris Wysopal, CTO at CA Veracode, comments.

In the News Mar 01 2018 Computerworld Denmark

The code should be safe from the beginning ... but three out of four applications have a security shortage

If you build in security early in development, you can reduce security risks and long-term development costs quite significantly. The EU Commission is on its way with a number of initiatives that address security from the start.

In the News Mar 01 2018 Silicon (Germany)

Meltdown and Spectre show the weakness of the networked world

Meltdown and Spectre rang in the year 2018 with a bang, affecting billions of devices. CA Veracode's Julian Totzek-Hallhuber explains in this blog post why it is high time to put security at least on the same level as functionality.

 

 
