Home / Blog / Doug Bonderud
dbonderud's picture

Doug Bonderud

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.
Posts by Doug Bonderud

Advanced Application Security Testing Requires the Multiple Method

December 19, 2014

How many static application security testing methods does your enterprise need? According to Dark Reading, just one won't cut it — no matter how advanced. But with a wealth of in-house and outsourced security options, how do you choose the right static tools, and how do you know when enough is enough? Swing and a Miss As Dark Reading's Kevin Greene noted, part of the problem with... READ MORE

Medical Device Cybersecurity: One-off or Overall Strategy?

December 17, 2014

According to recent data from MarketsandMarkets, the market for portable medical devices will be worth $20 billion by 2018. One key factor in this growth is the "availability of a wide range of medical software applications" that allows manufacturers and health agencies to custom-design medical devices to meet specific needs. The US Food and Drug Administration (FDA), meanwhile, has... READ MORE

Fire in the Sky: Shellshock Ignites the Security Debate

December 15, 2014

In late September, Shellshock exploded, becoming the internet's newest "big problem." Stemming from a flaw in Bash — the default shell for OS X and Linux, and often installed on Windows-based devices as well — the vulnerability caused a wave of panic, exploits and, subsequently, patches to fix this 25-year-old problem. But this is just the latest in a series of threats... READ MORE

Medical Device Cybersecurity and the Agile Development Prognosis

December 8, 2014

Medical device manufacturers face a daunting host of challenges, especially where cybersecurity is concerned. In response to the growing concerns of these manufacturers, the Food and Drug Administration (FDA) recently released guidance in the form of its "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices." This nine-page document details five "cybersecurity... READ MORE

IT Security for Small Business: Pipe Dream or Possibility?

November 20, 2014

Small businesses face a unique challenge when it comes to IT security: They're expected to meet enterprise standards for handling data, but on a shoestring budget and with razor-thin profit margins. And since many smaller companies can't afford to design and build apps in-house, they're forced to rely on an application ecosystem that's dominated by potentially insecure third-party... READ MORE

How the Dairy Queen Breach Can Help Put the Freeze on Third-Party Security Problems

November 18, 2014

Would you like a side of stolen credit card data with your Blizzard? It's the flavor of the month, apparently, as Dairy Queen announces that it, too, has been compromised by Backoff point-of-sale (POS) malware. Having risen to infamy after the massive Target breach last year, Backoff continues to pop up on systems across the country — the Dairy Queen breach of nearly 400 locations... READ MORE

Cracking the (Security) Code: Why Developer Training Matters

November 13, 2014

How much do developers really know about writing secure application code? That's a question companies are starting to ask in earnest as the number of desktop, web-based and now mobile applications in their networks continues to skyrocket. What's more, many such apps aren't developed in-house; they're either farmed out to third-party vendors or pushed up the pipeline by company... READ MORE

Wearable Fitness Trackers: Are Healthcare Applications Threadbare on Security?

November 12, 2014

Fashion is quickly becoming synonymous with function as wearable devices take center stage. Fitness trackers and technologies like Google Glass are just the first step — the next decade could include everything from intelligent fibers that record pulse and breathing rates to contact lenses that monitor your eye health. A lens that monitors blood sugar is already in development. For these... READ MORE

Go Ahead, Use Software Composition Analysis to Perfect Your App Recipe

November 11, 2014

Creating a new software application is like baking the perfect pie: Every company has its own recipe that includes "secret" in-house code but uses common, third-party ingredients where applicable. But what happens if ingredients in your latest batch are bad? Veracode's software composition analysis service recently determined that external components embed an average of 24 known... READ MORE

When It Comes to Software Security Testing, Assume Nothing — and Test Everything

November 5, 2014

Companies can't afford to develop software for every device connected to their networks. While in-house, mission-critical hardware often gets a dedicated team of IT professionals to create and test code, other end points such as point-of-sale (POS) devices, printers and routers aren't given the same scrutiny. As noted in a recent IT News article, however, old strains of POS malware like... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

No thanks, back to the article please.

 

 

contact menu

Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.