Custom Cleansers, Accelerated Results, Greenlight Auto-Scan and Perl language enable Secure DevOps by expanding the ability to make automated security testing part of the development process.
Tony Caine to Serve as Executive Vice President and General Manager of International Operations, Leslie Bois as Vice President, Global Channel
New solution enables secure coding to be achieved at the speeds needed for DevOps and high-velocity software development.
Independent research commissioned by Veracode highlights improvements made in secure development, as well as areas for future improvements in secure application delivery.
New plug-in allows DevOps teams to rapidly embed security into software development lifecycles.
Veracode today released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months.
New Offerings Deepen Coverage for Popular Web and Mobile Languages, While Helping Users of Older Mission-Critical Applications Improve Security
Survey data reveals that although the majority of respondents feel as though their software and applications are secure, many lack the proactive, layered security programs necessary to combat today’s vulnerabilities.
These announcements are evidence of Veracode’s aggressive strategy to transform application security, extending it across the entire software lifecycle to reduce risk, manage compliance and shorten deployment times for secure software applications, while making secure coding practices a more seamless and positive part of the development processes.
Combining driver sentiment with in-depth interviews from organizations such as Fiat-Chrysler, Seat, Scania, Delphi and German industry body ADAC, new research sheds light on key questions, such as: What are the cybersecurity implications of the connected car? Who is responsible for ensuring the applications are secure? Where does product liability lie? What are the issues and approaches for personal data and privacy?
The report reveals how application security is viewed and addressed by healthcare providers across the US. The number one concern of these executives was the exploitation of vulnerabilities in web, mobile and cloud-based applications. Survey respondents cited the potential for loss of life due to compromised networks or medical devices, brand damage due to theft of patient information and regulatory enforcement as their top fears related to such security breaches.
The report shows that four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode during the period covered by the report failed at least one of the OWASP Top 10, an industry-standard security benchmark. Given the volume of PHP applications developed for the top three content management systems (CMS) – WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise concern over potential security vulnerabilities in millions of websites.
Esteemed former Gartner Research analyst Joseph Feiman has joined Veracode in the newly created position of Chief Innovation Officer, reporting directly to Bob Brennan, CEO. In this role, Joseph Feiman will focus on advanced technologies that drive innovative detection and protection strategies to further extend what is already the most comprehensive end-to-end platform for application security in the industry.
Pressure is building for boards and management teams to deal with cybersecurity issues that can impact their brand and erode valuation. 9 out of 10 board members believe regulators should hold businesses liable for cyber breaches if due care has not been followed to secure customer data.
The Court confirmed the jury verdict that Appthority ‘willfully’ infringed a Veracode patent related to binary static analysis. The Court also imposed a permanent injunction against Appthority’s infringing use of Veracode’s patented technology, rejecting Appthority’s argument that the injunction should apply only to a limited number of specific types of program errors detected by its technology. Accordingly, the Court’s ruling makes clear that the changes to its technology that Appthority detailed to the Court are not sufficient to avoid infringement of Veracode’s patent and the scope of the Court’s injunction.
Analytics from Veracode’s cloud-based platform show that, based on its analysis of hundreds of thousands of scans of mobile apps installed in actual corporate environments, the average global enterprise has multiple gambling apps installed in its mobile environment. Many of these apps contain adware as well as critical vulnerabilities, such as weak encryption, enabling cyberattackers to gain access to contacts, emails, call history, and phone locations as well as to record phone conversations.
Veracode has been positioned in the “Leaders” quadrant of Gartner Inc.’s 2015 “Application Security Testing Magic Quadrant” for the third consecutive year, based on the company’s completeness of vision and ability to execute in the application security testing (AST) market.
Sam King has been promoted to the newly created position of Chief Strategy Officer. In this role, King will be responsible for product management, marketing, corporate development and the company’s customer-facing solution architects.
Chris Wysopal, Veracode’s CTO and CISO, and Christien Rioux, Veracode’s Chief Scientist, will be participating in a number of activities during Black Hat USA and BSides Las Vegas, including roundtable sessions on best practices and key metrics for application security, and a keynote at the Password Crypto Track, unveiling L0phtCrack 7.
The 2015 State of Software Security report reveals concerning benchmark analytics from Veracode's cloud-based platform. Organized into seven vertical markets for simplified benchmarking – government, financial services, retail and hospitality, technology, manufacturing, healthcare and other – Veracode’s report shows that web and mobile applications produced or used by government organizations are more likely than those in other industries to fail standard security policies like the OWASP Top 10 when initially assessed for risk.