In the News

In the News Mar 13 2018 SC Magazine

What the Trump Administration Can Do to Boost Software and IoT Security

Last May, President Trump ordered his administration to come up with a plan for securing the U.S. government and the nation's infrastructure from cyberattacks that threaten the country's economy and national security.

In the News Mar 08 2018 SearchSecurity.de

Measures for better application security

Application security often leads a niche existence. Most people mistakenly see it as a problem for developers, when it is a matter for the entire company.

In the News Mar 08 2018 Manage IT (Germany)

5 avoidable errors in application security

IT security activities often do not achieve the desired results. It is a truism that good advice is expensive in such cases, because it is often relatively simple things that hamper the efficient implementation of a security strategy. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, mentions five avoidable application security bugs.

In the News Mar 06 2018 SC Magazine

Spring break vulnerability jeopardises Pivotal Spring projects

A remote code execution flaw, dubbed Spring Break, affects various Pivotal Spring projects and could allow an attacker to run arbitrary commands on any machine running applications built using Spring Data REST.

In the News Mar 06 2018 IT-Daily (Germany)

New RCE vulnerability: "Spring Break"

The recently discovered "Spring Break" vulnerability is a Remote Code Execution (RCE) security vulnerability that needs immediate attention and is another example of the immense challenges companies face. Comment by Julian Totzek-Hallhuber, Principal Solution Architect at CA Veracode.

In the News Mar 05 2018 Computer Weekly

Spring Break flaw shows cross-industry collaboration

A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update.

In the News Mar 05 2018 Computing

Security researchers identify new vulnerability affecting Pivotal Spring projects

Researchers imaginatively dub the new vulnerability "Spring Break"

In the News Mar 05 2018 Slate

Why is America letting Russia get away with meddling in our democracy?

Chris Wysopal, CTO of CA Veracode, a leading cybersecurity company, offers a more moderate option—slowing the computers down. “We could make the computers suffer hard-drive failures, keeping the operators so busy they couldn’t do much else,” Wysopal told me. “This is easy to do, and it would send a message: We can get to you, just like you can get to us, and we can step this up several notches”—for instance, fry the computers, as Clarke suggests—“if you don’t stop.”

In the News Mar 05 2018 Information Security Buzz

CA Veracode On “Spring Break” New Vulnerability For Web Apps

In response to the news of the new “Spring Break” critical remote code execution (RCE) vulnerability, which affects Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications, Chris Wysopal, CTO at CA Veracode, comments.

In the News Mar 01 2018 Computerworld Denmark

The code should be safe from the beginning ... but three out of four applications have a security shortage

If you build security in early in development, you can reduce security risks and long-term development costs quite significantly. The EU Commission is on its way with a number of initiatives that build in security from the start.

In the News Mar 01 2018 Silicon (Germany)

Meltdown and Spectre show the weakness of the networked world

Meltdown and Spectre rang in the year 2018 with a bang, affecting billions of devices. CA Veracode's Julian Totzek-Hallhuber explains in this blog post why it is high time to put security at least on the same level as functionality.

In the News Mar 01 2018 SD Times

Developer training is the key to implementing security into DevOps, CA Veracode says

A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment.

In the News Feb 28 2018 eWeek

Top Five Ways Security Vulnerabilities Hide in Your IT Systems

Corporate IT systems with known vulnerabilities are often missed or overlooked. In the case of Equifax, a known vulnerability led to hundreds of millions of dollars in losses. Here are the top-5 ways that vulnerabilities hide inside your company.

In the News Feb 27 2018 RSA Conference

Shift Left or Die: Baking Security into the Software Development Lifecycle is More Critical Than Ever

Somewhere along the road to DevOps nirvana that so many organizations have been attempting to follow, security got left behind. You see, a big driver of the need for DevOps is the speed with which organizations crank out software. It turns out it's really easy for software development to run off the rails, turning what should be innovation into unnecessary fiascos that can cost millions to fix, or worse yet, cause irreparable damage to a company's reputation.

In the News Feb 26 2018 Information Age

Business leaders are not keeping up with the data breach headlines – does it matter?

New software also brings with it new threats to the overall security of an organisation, so understanding the potential risks and vulnerabilities software introduces is essential if businesses want to keep hackers at bay.

In the News Feb 22 2018 Search Security

SEC cybersecurity disclosure rules get a guidance update

The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents.

In the News Feb 20 2018 Midrange Magazin (GER)

No power to data thieves

Attacks by cybercriminals can be costly for businesses if they want to avoid losing their data. The most recent example is Uber, the globally operating U.S. driver service agent, which has been the victim of a Ransomware attack: data from 57 million customers and drivers were hacked, including names, addresses and driver's license numbers. Uber paid $100,000 to the hackers and concealed the incident, but is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyber attacks. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, gives five tips on how companies can easily and effectively protect themselves against Ransomware attacks.

In the News Feb 18 2018 Spiegel Online (GER)

The dream of a fully automatic hacking machine

A machine that automatically finds new vulnerabilities in any software - this is what a team led by Fabian Yamaguchi from Berlin is working on. Can anyone become a hacker?

In the News Feb 15 2018 CSO

How to approach business leaders about cybersecurity when they don’t follow the breach headlines

Hint: hit them where it hurts the most – their own personal reputation and livelihood.

In the News Feb 13 2018 Trend Report (GER)

Recognize the signs of the time and act

This is a guest article by Julian Totzek-Hallhuber, Solution Architect, CA Veracode. The Aztec Empire, the Roman Empire or the British Empire - if one had asked contemporary witnesses, these cultures seemed untouchable and would last forever. External influences and socio-cultural developments have only made them examples of transience in the course of history. Today, the world looks completely different, but some developments in the shadow of technological progress have the potential to revolutionize our society from the ground up. The advantage is that we are able to recognize early warnings and take countermeasures. When Europeans entered the new world, it was the beginning of the end of the indigenous tribes and advanced cultures of a whole continent. Such a scenario, which in the long run can wipe out entire civilizations, is of course unthinkable nowadays, since today's cultures are consolidated and embedded in the global community. Accordingly, such upheavals today have far more far-reaching consequences, affecting much larger regions and sometimes the whole world. Three scenarios in particular are now able to change the course of the world from the ground up.

In the News Feb 07 2018 Information Security Buzz

NHS Trusts Have Failed Cybersecurity Tests

Following recent news of the NHS’s loss of thousands of patient records and documentation, NHS trusts are now failing cyber security tests.

In the News Jan 24 2018 TechBeacon

5 trends app sec teams should watch in 2018

Much has changed in software security over the last year. Nation state-directed attacks demonstrated the significant danger posed by software vulnerabilities and raised the pressure on developers to secure their software. Attackers used exploits leaked from the National Security Agency (NSA), for example, to spread ransomware, including the costly WannaCry and NotPetya attacks.

In the News Jan 24 2018 DevOps.com

How Developers Can Take a More Proactive Approach to Security

Developers tend to get thrown under the bus when it comes to application security, but recent data shows that developers do, in fact, care about security. Take mitigation for example. Developers don’t try to rig the system by rejecting findings as false positives or as mitigated by design. Developers documented mitigations for just 14.4 percent of all flaws found by CA Veracode’s platform in the past year.

In the News Jan 24 2018 DZone

Security Starts at the Top

The culture connection gets real as experts agree that secure software development requires a new mindset across the board.

In the News Jan 23 2018 DevOps.com

CA Technologies Survey Uncovers DevSecOps Challenges

Chris Wysopal, CTO for the CA Veracode portfolio of security testing tools CA Technologies acquired last year, said the survey results make it clear many organizations are still wrestling with the concept of DevSecOps. Many of them may be far along the path to building a culture around DevOps, but more often than not, security teams haven’t been included in those processes, says Wysopal.

 

 
