Veracode today released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months.
New Offerings Deepen Coverage for Popular Web and Mobile Languages, While Helping Users of Older Mission-Critical Applications Improve Security
Survey data reveals that although the majority of respondents feel as though their software and applications are secure, many lack the proactive, layered security programs necessary to combat today’s vulnerabilities
These announcements are evidence of Veracode’s aggressive strategy to transform application security, extending it across the entire software lifecycle to reduce risk, manage compliance and shorten deployment times for secure software applications, while making secure coding practices a more seamless and positive part of the development processes.
Combining driver sentiment with in-depth interviews from organizations such as Fiat-Chrysler, Seat, Scania, Delphi and German industry body ADAC, new research sheds light on key questions, such as: What are the cybersecurity implications of the connected car? Who is responsible for ensuring the applications are secure? Where does product liability lie? What are the issues and approaches for personal data and privacy?
The report reveals how application security is viewed and addressed by healthcare providers across the US. The number one concern of these executives was the exploitation of vulnerabilities in web, mobile and cloud-based applications. Survey respondents cited the potential for loss of life due to compromised networks or medical devices, brand damage due to theft of patient information and regulatory enforcement as their top fears related to such security breaches.
The report shows that four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode during the period covered by the report failed at least one of the OWASP Top 10, an industry-standard security benchmark. Given the volume of PHP applications developed for the top three content management systems (CMS) – WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise concern over potential security vulnerabilities in millions of websites.
Esteemed former Gartner Research analyst Joseph Feiman has joined Veracode in the newly created position of Chief Innovation Officer, reporting directly to Bob Brennan, CEO. In this role, Joseph Feiman will focus on advanced technologies that drive innovative detection and protection strategies to further extend what is already the most comprehensive end-to-end platform for application security in the industry.
Pressure is building for boards and management teams to deal with cybersecurity issues that can impact their brand and erode valuation. 9 out of 10 board members believe regulators should hold businesses liable for cyber breaches if due care has not been followed to secure customer data.
The Court confirmed the jury verdict that Appthority ‘willfully’ infringed a Veracode patent related to binary static analysis. The Court also imposed a permanent injunction against Appthority’s infringing use of Veracode’s patented technology, rejecting Appthority’s argument that the injunction should apply only to a limited number of specific types of program errors detected by its technology. Accordingly, the court’s ruling makes clear that the changes to its technology that Appthority detailed to the Court are not sufficient to avoid infringement of Veracode’s patent and the scope of the Court’s injunction.
Analytics from Veracode’s cloud-based platform show that, based on its analysis of hundreds of thousands of scans of mobile apps installed in actual corporate environments, the average global enterprise has multiple gambling apps installed in its mobile environment. Many of these apps contain adware as well as critical vulnerabilities, such as weak encryption, enabling cyberattackers to gain access to contacts, emails, call history, and phone locations as well as to record phone conversations.
Veracode has been positioned in the “Leaders” quadrant of Gartner Inc.’s 2015 “Application Security Testing Magic Quadrant” for the third consecutive year, based on the company’s completeness of vision and ability to execute in the application security testing (AST) market.
Sam King has been promoted to the newly created position of Chief Strategy Officer. In this role, King will be responsible for product management, marketing, corporate development and the company’s customer-facing solution architects.
Chris Wysopal, Veracode’s CTO and CISO, and Christien Rioux, Veracode’s Chief Scientist, will be participating in a number of activities during Black Hat USA and BSides Las Vegas, including roundtable sessions on best practices and key metrics for application security, and a keynote at the Password Crypto Track, unveiling L0phtCrack 7.
The 2015 State of Software Security report reveals concerning benchmark analytics from Veracode's cloud-based platform. Organized into seven vertical markets for simplified benchmarking – government, financial services, retail and hospitality, technology, manufacturing, healthcare and other – Veracode’s report shows that web and mobile applications produced or used by government organizations are more likely than those in other industries to fail standard security policies like the OWASP Top 10 when initially assessed for risk.
According to Cebr, one of the UK’s leading independent commentators on economics and business trends, some 60% of CTOs feel the government is not doing enough to prevent cyberattacks. In addition, the top three concerns of UK business executives are breach costs (including forensic, cleanup and legal costs), reputation and brand damage, and lost revenue due to downtime.
Corporate Challenge Rallies Top Mass. Companies to Close the Gender Gap at Work
Cybersecurity has clearly become an important board-level priority, with more than 80 percent of respondents reporting that cybersecurity is discussed at most or all boardroom meetings. At the same time, a surprising 66 percent are not fully confident their companies are properly secured against cyberattacks.
Veracode is partnering with Contrast Security to deliver IAST (Interactive Application Security Testing) as an automated cloud-based service. By dynamically instrumenting application behavior in real-time, from within the running application, IAST is designed to give enterprises an additional way to rapidly and accurately reduce risk earlier in the software development lifecycle (SDLC), especially in DevOps and Agile environments.
Veracode is continuously broadening its open and extensible platform by integrating innovative technologies developed in-house as well as by its technology partners. By delivering a broad range of technologies on a single cloud-based platform with centralized policies, metrics and analytics, Veracode’s unified approach reduces complexity and provides a more scalable solution for reducing application-layer risk across global software infrastructures.
IDG study reveals that lack of visibility into application-layer risk is consistent across US, UK and German firms
Veracode’s security team probed and monitored a set of always-on, consumer IoT devices, plus their associated mobile applications and cloud services, to understand the impact of each product’s data security and privacy posture. The results show vulnerabilities within these devices to be a potential pathway for robbery, theft of sensitive data or even stalking.
Mobile enterprise environments increasingly targeted by embedded spyware, adware and back-doors, according to analytics from Veracode’s cloud-based security platform
80 percent of vulnerable applications rated as highly business-critical, according to analytics from Veracode’s cloud-based security platform