Chris Wysopal, CTO for the Veracode portfolio of security testing tools that CA Technologies acquired last year, said the survey results make it clear many organizations are still wrestling with the concept of DevSecOps. Many of them may be far along the path to building a culture around DevOps, but more often than not, security teams haven’t been included in those processes, Wysopal said.
When discussing the lack of women in technology fields, the conversation generally starts around basic questions: What is it about tech fields that discourages women from participating, and what can people in the field do to attain a better balance?
It has been reported by that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility.
It’s being reported that a hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press. The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website.
Schneider Electric accidentally puts malware online that could shut down power plants. Nation-state-authored malware has been mistakenly put online that could enable hackers to compromise safety systems at power plants.
It’s amazing when you watch a lightbulb moment happen – especially when you’ve spent a great deal of your professional life devoted to it. Read more from CA Veracode's Chris Wysopal (@WeldPond).
Security researchers have discovered a flaw in the AMD PSP (Platform Security Processor), which could enable hackers to execute code in a security module that stores data such as passwords, certificates, and encryption keys.
Chances that a fix to a major microchip security flaw may slow down or crash some computer systems are leading some businesses to hold off installing software patches, fearing the cure may be worse than the original problem.
Developers aren't choosing to ignore security issues - they don't have the skills or resources to create secure code due to a critical deficit in developer security training, especially how to manage vulnerable components effectively.
Google has come forward to claim responsibility for discovering a pair of serious security holes in Intel processors that run almost 9 in 10 computers in the world. And worse: the company has echoed a statement by Intel yesterday that the flaws are not specific to that company’s chips.
If there's something of a déjà vu-like quality to vendor and analyst reports summing up the state of Web application security these days, it's because they all inevitably arrive at the same conclusion: Web apps are becoming more insecure, not less.
Which web risks are new, and which are the same as four years ago? Julian Totzek-Hallhuber, Solution Architect at application security expert CA Veracode, explains where the problem lies.
CA Veracode's Joe Pelletier (@joepelletier) shares three best practices to secure your website for the coming retail boom.
The speed of open source deployment by enterprises everywhere puts software security into question.
Year after year businesses face challenges when it comes to security, and 2017 was no different. Instead of trying to lecture the industry about the importance of application security testing, organizations tried to find new ways to bring security front and center.
CA Veracode has made great strides transitioning from a chiefly direct sales model to a partner-led business within the space of 12 months.
A recent study by CA Veracode revealed that only 14% of high severity vulnerabilities are fixed in less than 30 days, which drives the conclusion that 86% take longer than 30 days.
Only 28 percent of business leaders have heard of the Equifax breach, just 31 percent are aware of the 2014 eBay data breach, and just 34 percent have heard of WannaCry ransomware, a recent CA Veracode survey of 1,403 business leaders in the U.S., the U.K. and Germany found.
According to a new survey from CA Veracode, breach awareness regarding recent major cyber incidents was low among executives, managers and directors, surprising some experts.
The application security headlines of the year 2017 seemed like more of the same grim news, but some AppSec trends are reasons to be hopeful.
Veracode has released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process. The “Securing the Digital Economy” report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business.
A shocking revelation of cybersecurity ignorance among UK business leaders has shown that as many as a quarter do not understand common cyberattacks. Ransomware and phishing are among basic attack variants that UK business leaders are in the dark about, proving that even major, global data breaches are not enough to capture the attention of all. Spending has been increasing across the board as organisations pursue digital transformation, but this has not prompted UK business leaders to learn more about the risks involved.
Veracode today released research revealing the large gap between software creation and software security, with the pace of innovation outpacing the urgency to secure the process. The security company’s report ‘Securing the Digital Economy’ highlights how investment in software and digital transformation is moving fast, with around one in five business leaders indicating that their software budget supporting digital transformation projects has increased by more than 50% over the past three years.
Developers are getting better at creating more secure software, but about the same proportion of programs are vulnerable as a decade ago, according to CA Veracode's most recent security report. Meanwhile, the risks have only increased. The impact of a security breach has dramatically increased because applications are the custodians of more critical data and functions than ever before.
The developer guide uses new data from the CA Veracode platform to support the fact that vulnerable open source components pose an omnipresent risk. Developers still have a high need for training and support in this area.
Particularly worrying: 91 percent of all Java applications that contain Struts components are based on a version of the framework with at least one critical or even very critical vulnerability.
Further findings of the Veracode study are:
Developers underestimate errors in code: Once again, 70 percent of applications failed their first Veracode security scan this year.
Open-source software components as a source of risk: developers are increasingly turning to microservices to speed up their work. However, open source components in particular often contain risks and vulnerabilities, as the State of Software Security report shows. 88 percent of the Java applications reviewed last year had at least one point of attack based on one of their components.
Working hand in hand with security brings enormous security gains: In modern DevOps teams, developers usually carry out the security tests for their applications themselves in order to eliminate errors directly. If they actively seek the advice of their security colleagues regarding the vulnerabilities, they can improve their fix rate by as much as 87.6 percent.