The Open Source Conundrum

By Mark Curphey November 15, 2018
Get details on our upcoming open source road show

If you’ve read or watched the news at all in the last five years, you know that securing software is challenging. And in today’s world, developers are shouldering a big part of this challenge. Here lies the conundrum. Developers are in the best position to secure code, but security is often not one of their priorities. With the shift to DevOps in recent years, development is all about speed of... READ MORE

State of Software Security Vol 9: Top 4 Takeaways for Developers

By Suzanne Ciccone November 8, 2018
Key takeaways on SoSS v9 for developers

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing... READ MORE

Developer Tooling: A New Hope

By Mark Curphey November 1, 2018
New dev tools will advance AppSec, not hinder it.

With all the doom and gloom surrounding the endless stream of data breaches, it’s sometimes easy to feel pessimistic about the future state of the AppSec industry. I should know, being British, my default psyche is that the glass is always half empty, not half full. But for me, AppSec is different. I have been in the AppSec business for almost 20 years and have never felt as optimistic that we... READ MORE

State of Software Security Volume 9: Top 5 Takeaways for CISOs

By Suzanne Ciccone October 30, 2018
SOSS v9 key takeaways for security pros

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing today,... READ MORE

SOSS Volume 9 reveals how DevSecOps can overcome the volume and persistence of software flaws

By Jessica Lavery October 24, 2018  | Research

Fall is a favorite season for many – in New England, we have beautiful colors and a chill in the air.  At Veracode, fall is our favorite season because it signifies the release of our annual State of Software Security (SOSS) report. Each year, we welcome the opportunity to share with the industry our insights into common vulnerabilities found in software and how organizations are measuring... READ MORE

Quick Take: Advancing AppSec Requires a Partnership Between Security and Development

By Laura Paine October 22, 2018  | Security News

The State of Software Security Volume 9 shows that the speed at which organizations fix flaws they discover in their code directly mirrors the level of risk incurred by applications. The faster organizations close vulnerabilities, the less risk software poses over time. In this quick take video, Chris Wysopal discusses how security and development teams can work together to reduce application... READ MORE

Quick Take: The State of Software Security in 2018

By Laura Paine October 22, 2018

The State of Software Security Volume 9 looks at both the good and bad news about the enterprise's progress on advancing application security. The data offers many signs of encouragement that organizations are incrementally moving the needle, though there is still plenty of work to be done to shore up application risk. In this quick take video, Chris Wysopal shares his views on the state of... READ MORE

Application Security Mistake No. 6: Going It Alone

By Suzanne Ciccone October 9, 2018
Why outside help is critical for AppSec success.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the sixth and final post in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security... READ MORE

The View From a Veracode Solution Architect: My Top 5 Lessons Learned

By John Smith October 8, 2018
Lessons learned from Veracode implementations over the years

I recently had an interesting question from a prospective customer: What are the top 5 lessons learned from implementing your solution at companies similar to ours? After careful thought, and soliciting input from my fellow solution architects in the EMEA region, I came up with the list below. We’re sharing it here in the hopes it proves useful to others as they work to develop software both... READ MORE

Java Crypto Libraries Go Modular

By Mansi Sheth October 5, 2018
Java crypto code base now modularized

To complement my recent Java Crypto blog series ("How to get Started Using Java Cryptography Securely", "Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)", "Encryption and Decryption in Java Cryptography", "Message Digests, aka Hashing Functions"), I have been referencing corresponding working code on the GitHub repository. I am happy to announce a brand-new, shiny, modularized,... READ MORE

 

 
