Dec 10, 2015

The case for anonymous case studies

By Jessica Lavery

When beginning your application security journey, one of the most valuable actions you can take is to learn from the experiences of those who have gone before you. Yet the sensitive nature of security and the fear of becoming a target of hackers have led most enterprises to resist sharing their stories publicly. Some have shared their tales in closed-door meetings and exclusive events like the Gartner Risk and Security Management Summit. But very few have been willing to discuss their specific security efforts and practices out in the open.  Even when a security team was willing to talk about its programs, the traditional format of case studies, which focused on the solution or product the enterprise used to overcome a challenge, made it difficult for any named case study to be approved. This is because public relations and legal teams didn’t want to be viewed as endorsing a product.

By allowing anonymity, we are able to deliver a more authentic discussion of how a company faced and overcame a particular application security challenge.

Veracode works with some of the world’s largest enterprises to help them reduce the risk introduced by applications. As a result, we witness some great ideas and program plans that we know other enterprises can benefit from. To help tell these stories in a way that is both engaging and informative, yet doesn’t divulge company secrets, we’ve amassed a collection of anonymous stories that you can use to implement or iterate on an application security program. By allowing these enterprises to remain anonymous, we are able to go deeper than a traditional case study to deliver a more authentic discussion of how a company faced and overcame a particular application security challenge.

Additionally, our new case study format, which doesn’t focus on products used to overcome the challenge, makes the stories more valuable for other enterprises looking to solve similar challenges. These “view from the trenches” case studies have nothing to do with products; instead, they are about the process the enterprise went through and are told from the company’s perspective, as opposed to the vendor’s.

I hope you find this new format both educational and entertaining. Many of the people writing these case studies have a humorous take on the challenges they faced and their perspectives are insightful and genuine.


Interested in telling your story? We’d love to share it on our blog. You can connect with us by sending us an email with your ideas to [email protected]


By Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro and Sophos, where she held roles in corporate communication and marketing.