Overcoming the Language Barrier Key to DevSecOps Success

sciccone's picture
By Suzanne Ciccone December 8, 2017
how to overcome the dev/sec language barrier

As DevOps moves to DevSecOps, there is a significant “people” component involved in the shift. Development and security teams both need to overcome their “language barriers” and understand each other’s processes and priorities. The effort is worth it because we know that (1) the consequences of neglecting software security are getting more damaging and (2) embedding security early and often into... READ MORE

AppSec in Review Podcast: How Developers Respond to Security Findings

jzorabedian's picture
By John Zorabedian December 5, 2017  | Secure Development | Research
AppSec in Review: How Developers Respond to Security Finding

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and CA... READ MORE

5 Ways to Get Developers and Your AppSec Program Ready for DevSecOps in 2018

jzorabedian's picture
By John Zorabedian December 4, 2017  | Managing AppSec
Get DevSecOps Ready in 2018

The importance of application security has increased dramatically over the past couple of years in response to rising threats. Meanwhile, software development is changing fast, with continuous delivery and DevOps adoption continuing to grow. It seems inevitable that the we'll be talking more and more in the coming year about securing DevOps and DevSecOps. As we enter 2018, it’s a good... READ MORE

Hardcoded Credentials: Why So Hard to Prevent?

sciccone's picture
By Suzanne Ciccone December 1, 2017
Understand the danger of hardcoded credentials

About a year ago, attackers managed to tap into thousands of IoT devices to create a botnet infected with Mirai malware and wreak havoc on some major websites. This Mirai botnet, made up of 100,000 IoT devices from DVRs to security cameras, unleashed a massive DDoS attack on DNS provider Dyn, which brought down dozens of websites, including Twitter, Spotify, Netflix and The New York Times. ... READ MORE

How CA Veracode Products Secure the Testing Stage

sciccone's picture
By Suzanne Ciccone November 29, 2017
How CA Veracode products fit into the testing stage

This is the second in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from development to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their applications, we’ve learned that... READ MORE

Podcast: When it Comes to Data Breach Disclosure, When Does the Clock Start Ticking?

lpaine's picture
By Laura Paine November 28, 2017  | Managing AppSec
When do you disclose a data breach?

In the last episode of the Cyber Second Podcast, we talked about the confusing patchwork of rules and laws – state, federal, global – dictating data breach disclosure rules. The common thread in nearly all of the existing regulations is that the disclosure clock starts the very moment that a company becomes aware of the breach. But when does someone truly know something, and who needs to know to... READ MORE

What Developers Need to Know About the State of Software Security Today

jzorabedian's picture
By John Zorabedian November 28, 2017  | Research
State of Software Security Developer Guide

We recently published our annual research report, the State of Software Security, analyzing data from 400,000 application scans over 12 months spanning 2016 and 2017. Now we’re issuing a State of Software Security Developer Guide, featuring additional data and analysis aimed at helping developers meet the goal of creating great software that’s also secure software. This report offers the... READ MORE

Security at DevOps Speed: How CA Veracode Reduces False Positives

jjanego's picture
By Jon Janego November 27, 2017
How CA Veracode ensures accurate AppSec testing results

Application security solutions that slow or stall the development process simply aren’t feasible in a DevOps world. AppSec will increasingly need to fit as seamlessly as possible into developer processes, or it will be under-used or overlooked. But overlooking AppSec puts your organization at high risk of a damaging breach. Our most recent State of Software Security report (which is based on our... READ MORE

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

jzorabedian's picture
By John Zorabedian November 20, 2017  | Secure Development
OWASP Top 10 2017

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE

Women in Business: Take the Risk!

anielsen's picture
By Anne Nielsen November 17, 2017

We recently hosted Gloria Larson, the President of Bentley University and one of Boston Magazine's “50 Most Powerful People,” at CA Veracode to talk about diversity with a specific focus on women in business. Our General Manager Sam King and Gloria had a discussion about: President Larson’s career and experience, culminating in her current leadership role The data on diversity in business The... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu