Hope Goslin

Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.

Posts by Hope Goslin
  • What Are the Most Prevalent Flaws in…
    June 21, 2022 | By Hope Goslin

    A few months ago, we released our 12th annual State of Software Security (SOSS) Report. In our announcement blog, we noted new application development trends (like increased use of microservices and open-source libraries), the positive impact that Veracode Security Labs has on time to remediate…

  • A Look Back at the Executive Order on…
    May 12, 2022 | By Hope Goslin

    It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a software…

  • Just Because You Don’t Use Log4j or…
    April 20, 2022 | By Hope Goslin

    By now, you’re probably all aware of the recent Log4j and Spring Framework vulnerabilities. As a recap, the Log4j vulnerability – made public on December 10, 2021 – was the result of an exploitable logging feature that, if successfully exploited, could allow attackers to perform an RCE (Remote…

  • Spring4Shell Vulnerability vs Log4Shell…
    April 1, 2022 | By Hope Goslin

    On March 29, 2022, details of a zero-day vulnerability in Spring Framework (CVE-2022-22965) were leaked. For many, this is reminiscent of the zero-day vulnerability in Log4j (CVE-2021-44228) back in December 2021. What is the difference between the vulnerabilities? The Spring Framework…

  • The Public Sector Has the Highest…
    March 29, 2022 | By Hope Goslin

    We recently launched the 12th annual edition of our State of Software Security (SOSS) report. To draw conclusions for the report, we examined the entire history of active applications. For the public sector data, we took the same approach. We examined the entire history of applications for…

  • Shifting Log4j Discovery Right
    March 22, 2022 | By Hope Goslin

    You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software development lifecycle (SDLC). While we firmly believe that you should continue scanning in development environments, that doesn’t mean that you should neglect…

