The report reveals how application security is viewed and addressed by healthcare providers across the US. The number one concern of these executives was the exploitation of vulnerabilities in web, mobile and cloud-based applications. Survey respondents cited the potential for loss of life due to compromised networks or medical devices, brand damage due to theft of patient information and regulatory enforcement as their top fears related to such security breaches.
The report shows that four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode during the period covered by the report failed at least one of the OWASP Top 10, an industry-standard security benchmark. Given the volume of PHP applications developed for the top three content management systems (CMS) - WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise concern over potential security vulnerabilities in millions of websites.
Esteemed former Gartner Research analyst Joseph Feiman has joined Veracode in the newly created position of Chief Innovation Officer, reporting directly to Bob Brennan, CEO. In this role, Joseph Feiman will focus on advanced technologies that drive innovative detection and protection strategies to further extend what is already the most comprehensive end-to-end platform for application security in the industry.
Pressure is building for boards and management teams to deal with cybersecurity issues that can impact their brand and erode valuation. 9 out of 10 board members believe regulators should hold businesses liable for cyber breaches if due care has not been followed to secure customer data.
The Court confirmed the jury verdict that Appthority ‘willfully’ infringed a Veracode patent related to binary static analysis. The Court also imposed a permanent injunction against Appthority’s infringing use of Veracode’s patented technology, rejecting Appthority’s argument that the injunction should apply only to a limited number of specific types of program errors detected by its technology. Accordingly, the court’s ruling makes clear that the changes to its technology that Appthority detailed to the Court are not sufficient to avoid infringement of Veracode’s patent and the scope of the Court’s injunction.
Analytics from Veracode’s cloud-based platform show that, based on its analysis of hundreds of thousands of scans of mobile apps installed in actual corporate environments, the average global enterprise has multiple gambling apps installed in its mobile environment. Many of these apps contain adware as well as critical vulnerabilities, such as weak encryption, enabling cyberattackers to gain access to contacts, emails, call history, and phone locations as well as to record phone conversations.
Veracode been positioned in the “Leaders” quadrant of Gartner Inc.’s 2015 “Application Security Testing Magic Quadrant” for the third consecutive year, based on the company’s completeness of vision and ability to execute in the application security testing (AST) market.
Sam King has been promoted to the newly created position of Chief Strategy Officer. In this role, King will be responsible for product management, marketing, corporate development and the company’s customer-facing solution architects.
Chris Wysopal, Veracode’s CTO and CISO, and Christien Rioux, Veracode’s Chief Scientist, will be participating in a number of activities during Black Hat USA and BSides Las Vegas, including roundtable sessions on best practices and key metrics for application security, and a keynote at the Password Crypto Track, unveiling L0phtCrack 7.
The 2015 State of Software Security report reveals concerning benchmark analytics from Veracode's cloud-based platform. Organized into seven vertical markets for simplified benchmarking – government, financial services, retail and hospitality, technology, manufacturing, healthcare and other – Veracode’s report shows that web and mobile applications produced or used by government organizations are more likely than those in other industries to fail standard security policies like the OWASP Top 10 when initially assessed for risk.
According to Cebr, one of the UK’s leading independent commentators on economics and business trends, some 60% of CTOs feel the government is not doing enough to prevent cyberattacks. In addition, the top three concerns of UK business executives are breach costs (including forensic, cleanup and legal costs), reputation and brand damage, and lost revenue due to downtime.
Corporate Challenge Rallies Top Mass. Companies to Close the Gender Gap at Work
Cybersecurity has clearly become an important board-level priority, with more than 80 percent of respondents reporting that cybersecurity is discussed at most or all boardroom meetings. At the same time, a surprising 66 percent are not fully confident their companies are properly secured against cyberattacks.
Veracode is partnering with Contrast Security to deliver IAST (Interactive Application Security Testing) as an automated cloud-based service. By dynamically instrumenting application behavior in real-time, from within the running application, IAST is designed to give enterprises an additional way to rapidly and accurately reduce risk earlier in the software development lifecycle (SDLC), especially in DevOps and Agile environments.
Veracode is continuously broadening its open and extensible platform by integrating innovative technologies developed in-house as well as by its technology partners. By delivering a broad range of technologies on a single cloud-based platform with centralized policies, metrics and analytics, Veracode’s unified approach reduces complexity and provides a more scalable solution for reducing application-layer risk across global software infrastructures.
IDG study reveals that lack of visibility into application-layer risk is consistent across US, UK and German firms
Veracode’s security team probed and monitored a set of always-on, consumer IoT devices, plus their associated mobile applications and cloud services, to understand the impact of each product’s data security and privacy posture. The results show vulnerabilities within these devices to be a potential pathway for robbery, theft of sensitive data or even stalking.
Mobile enterprise environments increasingly targeted by embedded spyware, adware and back-doors, according to analytics from Veracode’s cloud-based security platform
80 percent of vulnerable applications rated as highly business-critical, according to analytics from Veracode’s cloud-based security platform
Evaluation cites “unified cloud-based security SAST and DAST platform” with “a customer-centric approach to integration into the greater development workflow”
Veracode has been selected as a finalist for BostInno’s 50 on Fire awards, an annual celebration of the 50 most luminary organizations driving innovation in Boston and beyond. Veracode joins other innovators including HubSpot, Acquia and Actifio.
Chris Wysopal, Veracode’s co-founder, CTO and CISO will be a panelist for the segment “IT Transformation is the New Normal” at the annual Argyle CISO Leadership Forum. The conference will discuss best practices for security organizations to help drive the business forward.
Chris Wysopal, Veracode’s co-founder, CTO and CISO will be a panelist for the discussion “The Digital Trust: The Technology of Trust,” a Bloomberg Government event on Thursday, November 13th. Produced in partnership with Visa, the discussion will address the notion that the digital economy is built on trust: that transactions are protected from fraud and crime, and that personal, business, and government data are used appropriately and stored securely.