Hope Goslin

Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.

Posts by Hope Goslin
  • Nature vs. Nurture Tip 1: Use DAST With SAST

    When conducting research for this year’s State of Software Security report, we looked at how “nature” and “nurture” contribute to the time it takes to close out a security flaw. For the “nature” side, we looked at attributes that we cannot change, like application size or age. For “nurture,” we looked at application attributes we can change, like security scan frequency and cadence. We found that… READ MORE

  • State of Software Security v11: How to Use the Findings

    As a security professional reading through version 11 of our State of Software Security (SOSS) report, the first statistic that probably stands out to you is that 76 percent of applications have security flaws. It’s encouraging to see that only 24 percent of those security flaws are high-severity, but ultimately, having security flaws in more than three-fourths of applications means there is… READ MORE

  • New PCI Regulations Indicate the Need for AppSec Throughout the SDLC

    Last year, the PCI Security Standards Council published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard as a part of a new PCI Software Security Framework (SSF), also referred to as PCI S3. The SSF offers objective-focused security best practices that outline what a good application security program looks like, with consideration for both traditional… READ MORE

  • In the Financial Services Industry, 74% of Apps Have Security Flaws

    Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors… READ MORE

  • A Software Security Checklist Based on the Most Effective AppSec Programs

    Veracode’s Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals,… READ MORE

  • Hot off the Press: Veracode Named a 2020 Gartner Peer Insights Customers’ Choice for AST

    Veracode has been officially recognized by Gartner Peer Insights as a 2020 Customers’ Choice for Application Security Testing. The report includes Veracode’s aggregate score of 4.6 out of 5 stars out of 95 independent customer reviews (as of July 31, 2020), and of the reviewers, 92 percent said that they would recommend Veracode’s AST solutions. Veracode, the largest global provider of… READ MORE

  • 5 Lessons About Software Security for Cybersecurity Awareness Month

    October is cybersecurity awareness month, and this year, the overarching theme is “Do Your Part. #BeCyberSmart.” When considering what “cybersmart” means in application security, we realized we unearthed some data this year that made us a little cybersmarter and could help other security professionals and developers increase their AppSec smarts as well. We’re sharing those data gems below. 1.… READ MORE

  • 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws

    Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But – shockingly – less than half of these organizations have invested in specific security controls to scan for open source… READ MORE

  • Focus on Fixing, Not Just Finding, Vulnerabilities

    When investing in an application security (AppSec) program, you expect to see a return on your investment. But in order to recognize a return, your organization needs to determine what success looks like and find a way to measure and prove that the program is meeting your definition of success. For those just starting on their AppSec journey, success might be eliminating OWASP Top 10… READ MORE

  • The Migration From PA-DSS to SSF: Everything You Need to Know

    Technology is constantly changing and advancing. Payment platforms are no exception. As these new platforms emerge, the software supporting the platform must be reliable and secure. Without secure payment platforms, payment transactions and data could be compromised. The PCI Software Security Framework (SSF) sets standards and requirements for both traditional and modern payment software. The… READ MORE
