In the News

In the News Jan 03 2018 Dark Reading

Open Source Components, Code Volume Drag Down Web App Security

If there's something of a déjà vu-like quality to vendor and analyst reports summing up the state of Web application security these days, it's because they all inevitably arrive at the same conclusion: Web apps are becoming more insecure, not less.

In the News Dec 27 2017 Silicon

OWASP 2017: The second

Which web risks are new, which are the same as four years ago? And where the problem lies, explains Julian Totzek-Hallhuber, Solution Architect at application security expert CA Veracode.

In the News Dec 22 2017 DevOps.com

Are Your Web Applications Prepared for the Holidays?

CA Veracode's Joe Pelletier (@joepelletier) shares three best practices to secure your website for the coming retail boom. 

In the News Dec 22 2017 CIO

Why you need to worry about the security of open source software in 2018 and beyond

The speed of open source deployment by enterprises everywhere puts software security into question.

In the News Dec 21 2017 SD Times

2017: Security was not an afterthought

Year after year businesses face challenges when it comes to security, and 2017 was no different. Instead of trying to lecture the industry about the importance of application security testing, organizations tried to find new ways to bring security front and center.

In the News Dec 20 2017 Channelnomics

CA Veracode details building channel infrastructure

CA Veracode has made great strides transitioning from a chiefly direct sales model to a partner-led business within the space of 12 months. 

In the News Dec 20 2017 Information Age

EXCLUSIVE: Cyber security predictions from CUJO AI

A recent study by CA Veracode revealed that only 14% of high severity vulnerabilities are fixed in less than 30 days, which drives the conclusion that 86% take longer than 30 days.

In the News Dec 14 2017 eSecurity Planet

Just 28 Percent of Business Leaders Have Heard of the Equifax Breach

Only 28 percent of business leaders have heard of the Equifax breach, just 31 percent are aware of the 2014 eBay data breach, and just 34 percent have heard of WannaCry ransomware, a recent CA Veracode survey of 1,403 business leaders in the U.S., the U.K. and Germany found.

In the News Dec 13 2017 SearchSecurity

Breach awareness low among executives, CA Veracode survey says

According to a new survey from CA Veracode, breach awareness regarding recent major cyber incidents was low among executives, managers and directors, surprising some experts.

In the News Dec 13 2017 CSO

3 Big Application Security Trends of 2017

The application security headlines of the year 2017 seemed like more of the same grim news, but some AppSec trends are reasons to be hopeful.

In the News Dec 12 2017 Digitalisation World

Business leaders only address cybersecurity under duress

CA Veracode has released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process. The “Securing the Digital Economy” report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business.

In the News Dec 12 2017 Computer Business Review

1 in 4 UK business leaders lack basic cybersecurity understanding

A shocking revelation of cybersecurity ignorance among UK business leaders has shown that as many as a quarter do not understand common cyberattacks. Ransomware and phishing are among basic attack variants that UK business leaders are in the dark about, proving that even major, global data breaches are not enough to capture the attention of all. Spending has been increasing across the board as organisations pursue digital transformation, but this has not prompted UK business leaders to learn more about the risks involved.

In the News Dec 12 2017 Software Testing News

CA Veracode urges businesses to secure software

CA Veracode today released research revealing the large gap between software creation and software security, outpacing the urgency to secure the process. The security company’s report ‘Securing the Digital Economy’ highlights how investment in software and digital transformation is moving fast, with around one in five business leaders indicating that their software budget which supports digital transformation projects has increased by more than 50% over the past three years.

In the News Dec 11 2017 TechBeacon

The sorry state of software security: Secure development is key

Developers are getting better at creating more secure software, but about the same proportion of programs are vulnerable as a decade ago, according to CA Veracode's most recent security report. Meanwhile, the risks have only increased. The impact of a security breach has dramatically increased because applications are the custodians of more critical data and functions than ever before.

In the News Dec 04 2017 dotnetpro

State of Software Security Report

The developer guide uses new data from the CA Veracode platform to support the fact that vulnerable open source components pose an omnipresent risk. Developers still have a high need for training and support in this area.

Particularly worrying: 91 percent of all Java applications that contain Struts components are based on a version of the framework with at least one critical or even particularly critical vulnerability.

Further findings of the CA Veracode study are:

Developers underestimate errors in code: Once again, 70 percent of applications fail this year when they run a CA Veracode security scan for the first time.

Open-source software components as a source of risk: Developers are increasingly turning to microservices to speed up their work. However, open source components in particular often contain risks and vulnerabilities, as the State of Software Security report shows. 88 percent of the Java applications reviewed last year had at least one point of attack based on one of their components.

Hand in hand with security to enormous security gains: In modern DevOps teams, developers usually carry out the security tests for their applications themselves in order to eliminate errors directly. If they actively seek the advice of their security colleagues regarding the vulnerabilities, they can improve their bugfix rate by as much as 87.6 percent.

In the News Dec 04 2017 SD Times

DevSecOps: Baking security into development

Software is the lifeblood of most businesses today. So, what happens if that software is unreliable or insecure? It seems like a no-brainer that the software being pushed out should be protected. But, as software is being developed and deployed at a rapid pace, an important aspect of the life cycle gets lost in the race: Security.

In the News Dec 01 2017 DZone

Reemergence of Open Source Increases Security Vulnerabilities

Thanks to Pete Chestna, Director of Developer Engagement and Jessica Lavery, Senior Manager, Security Strategy at CA Veracode for taking the time to speak to me at CA World 17. Pete and Jess were excited that CA Veracode Greenlight was now available as a free trial to help developers accelerate velocity and quality. Developers can produce vulnerability-free code with instant feedback on security defects in their IDEs. This enables them to speed the SDLC without compromising security while fulfilling the promise of DevSecOps.

In the News Nov 30 2017 DZone

Yes, Developers Care About Security

CA Veracode has just published its annual State of Software Security (SOSS) report which analyzes data from 400,000 application scans from April 1, 2016 to March 31, 2017. The applications were written in more than a dozen programming languages for large and small organizations across a wide range of industries. A key finding is that most developers don't try to game the system by rejecting findings as false positives, or as mitigated by design. Developers documented mitigations for just 14.4% of all the flaws found by the CA Veracode platform.

In the News Nov 29 2017 Inside-IT

Akamai report – Focusing on SQL injections, Android and Germany

Akamai has published the latest report on the "State of the Internet". Some key statements: The number of DDoS attacks increased again in the third quarter of 2017, with eight percent growth compared to the second quarter. However, the number of attacks decreased slightly compared to the third quarter of 2016. (…) And the guest author, Chris Wysopal of CA Veracode, explicitly criticizes the ICT industry: "Although Application Security Testing promises a lot and is growing fast, it shows that applications are generally not more secure today than they were ten years ago". And further, Wysopal complains: "Most open source components remain unpatched once they have been built into the software."

In the News Nov 29 2017 IT-Daily

No power to data thieves - Five tips against ransomware

Attacks by cybercriminals can be costly for businesses if they want to avoid losing their data. The most recent example is Uber, a global American driver services broker who has been the victim of a Ransomware attack: data from 57 million customers and drivers has been hacked, including names, addresses and driver's license numbers. Uber paid $100,000 to the hackers and concealed the incident, but is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyberattacks. Julian Totzek-Hallhuber, Solution Architect at the application security specialist CA Veracode, gives five tips on how companies can easily and effectively protect themselves against Ransomware attacks.

In the News Nov 28 2017 Developer

How can developers improve software security? Move to DevSecOps and ‘think like an attacker’

Developers today frequently find themselves between a rock and a hard place. The business may not place security at the top of its priorities, but we all know how vital it is – and in today’s agile and DevOps working environments, developers cannot afford to finish applications and then leave the tidying up to the security team.

A new report from CA Veracode issued today argues that while developers do care about security, and are getting better at it, more work still needs to be done – including to ‘think like an attacker.’

In the News Nov 28 2017 SD Times

Report: Developers aren’t to blame for security issues

The idea that developers don’t care about application security is a myth. A recently released report found that not only do developers take application security seriously, they take the time to find and fix vulnerabilities in their applications.

In the News Nov 28 2017 Information Security Buzz

Government Announces Plans For Cybersecurity Skills Investment In Industrial Strategy

The government has just announced a new strategy for industry that aims to tackle weak productivity and bolster businesses to counter any new problems caused by Brexit. The strategy highlights the need for improving digital skills, especially in cybersecurity. Paul Farrington, Manager - EMEA Solution Architects at CA Veracode, commented.

In the News Nov 28 2017 The Hill

9 in 10 firms also failed to patch software that sunk Equifax

More than 90 percent of applications using the same computer programming library that, left unpatched, led to the Equifax data breach also fail to keep the software up to date, reports the security firm CA Veracode.

In the News Nov 28 2017 Dark Reading

Developers Can Do More to Up Their Security Game: Report

Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says. Data from a new study suggests that there are several measures developers can take to accelerate the adoption of formalized application security practices at their organizations.

 

 
