Senior Product Manager for Veracode’s application security platform including reporting, analytics and API feature sets as well are Veracode’s technology evolution from a monolithic architecture into MicroServices. Anne partners with Veracode customer’s to manage application security risk through new product features and functionality while enabling Veracode’s best in class scanning technologies.
- Using Median Time to Resolve Efficiently
Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity… READ MORE
Stay up to date on Application Security
- Should You Be Measuring Flaw Rate?
Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate your organization’s current state, and also show what progress it’s making in achieving its objectives. We typically recommend our customers measure their compliance against their own internal AppSec policy, plus scan… READ MORE
Veracode’s RESTful APIs use Hash-based Message Authentication Code (HMAC) for authentication, which provides a significant security advantage over basic authentication methods that pass the username and password with every request. Passing credentials in the clear is not a recommended practice from a security perspective; encryption is definitely preferred for obvious reasons, but HMAC goes a… READ MORE
- Women in Business: Take the Risk!
We recently hosted Gloria Larson, the President of Bentley University and one of Boston Magazine's “50 Most Powerful People,” at Veracode to talk about diversity with a specific focus on women in business. Our General Manager Sam King and Gloria had a discussion about: President Larson’s career and experience, culminating in her current leadership role The data on diversity in business The role… READ MORE
- Women in Technology: Don’t Worry, It’s Worse Than You ThinkApril 14, 2017 | Security News
Veracode recently hosted a movie night to watch CODE: Debugging the Gender Gap, followed by a group discussion. Two things struck me at this event: Gender diversity in technology is getting worse, not better. This problem won’t fix itself. In our group discussion after the movie – lead by Rosa Carson from Wayfair Labs – we dove into the question of “why is this getting worse?” It’s awful lonely… READ MORE
- Introducing Automated AppSec Consultation SchedulingJanuary 27, 2017 | Managing AppSec
Simplifying the process of getting Veracode’s help fixing security findings Veracode provides security experts on-demand to help developers make sense of the findings resulting from a security analysis – SAST, DAST, etc. These experts give developers context on Veracode’s scan results and provide advice on appropriate actions that would resolve the findings, either through a change to the code or… READ MORE
You have a great idea for a new product – what could possibly go wrong? One of my favorite games in business is to have a pre-mortem wherein you imagine that you are a year older and wiser and whatever it is you are working on right now fails miserably. I mean, spectacularly – we are talking pets.com-style. This game plays into my hyperbolic nature, but also is useful in identifying your… READ MORE
How the heck did that happen? They just took your business. Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor… READ MORE
Software supply chain security has arrived with Google’s Vendor Security Assessment Questionnaire (VSAQ)! Or has it? The web-based application released under an open-source license on GitHub contains the actual questionnaire Google uses to review its own software vendors' security practices before making a purchase. I know what you’re thinking: “if it’s good enough for Google, it’s good enough… READ MORE
How to avoid putting your customer’s data at risk... Nothing stinks worse for a product manager than hearing there is a security issue in the amazing feature you just released. Yes, that one you created specifically for your very important client. Telling your previously elated buyer that the new do-dad you created specifically for them – based on their unsolicited, but completely accurate… READ MORE
Application Security Tool Kit
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
No thanks, back to the article please.