Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro and Sophos, where she held roles in corporate communication and marketing.
Posts by Jessica Lavery

Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

May 5, 2016  | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on... READ MORE

Examining Dark Territory With Fred Kaplan

May 4, 2016  | Security News

On Tuesday night at RSA, Veracode held a book launch of Fred Kaplan’s Dark Territory: The Secret History of Cyber War. Kaplan was on site to sign copies of his book and to discuss the history of cyber war. That’s right, history, not future, of cyber war. Dark Territory looks back at the history of cyber war. Opening with a story from the Reagan administration, the book then examines... READ MORE

Striking a Balance: How Software Producers Can Boost Security Without Compromising Development Speed

April 28, 2016  | Intro to AppSec

The importance – and pressure – of developing and managing secure code aren't lost on today's software vendors. As clouds have drifted into the mainstream, mobility and apps have become pervasive, and user expectations around functionality have grown, the need to deliver updates, patches and improvements on a regular and ongoing basis has skyrocketed. Many software providers now... READ MORE

What Gets Measured Gets Done: a Motto to Live by in Application Security

March 31, 2016  | Managing AppSec

Back in December, the CISO of a financial services company explained how he took his company’s application security program from 0-60 in 12 months. Now, that same CISO explains why measurement was a critical component to the program’s success. As we developed our application security strategy, gaining buy-in from various stakeholders was an essential part of making it a success. But,... READ MORE

Don’t Overreact: 5 Steps for Responding to Vulnerability Disclosures

March 19, 2016  | Intro to AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past two years. With so many branded vulnerabilities coming out, executives are paying more attention to application security. This is great, except that it also means security professionals are under increased pressure to react to vulnerability disclosures, rather... READ MORE

How the Legal Department Can Improve Your Vendor Application Security Program

March 16, 2016  | Managing AppSec

In order to keep up with the need for applications, companies are purchasing software at an accelerated rate. And if you are like most companies, your process for vetting the security of your software is probably not very sophisticated. Most companies rely on questionnaires or even just a wink and a nod from the vendor’s account manager. Companies that recognize the risk introduced from... READ MORE

RSAC 2016 Final Reflections

March 4, 2016  | Security News

I am thrilled I was able to attend so many sessions at RSA this year. I learned a lot about the state of the industry, and the things people outside of Veracode are talking about. The expo hall was bustling as usual, and the sheer number of vendors vying for attention tells me this problem isn’t going away anytime soon. Below are my overall impressions from the conference. I am interested... READ MORE

RSA: Cybersecurity by the Numbers

March 3, 2016  | Security News

RSA conducted a survey with the assistance of ISACA to help determine the current state of cybersecurity and what the implications for the future will be. First, Jennifer Lawinski from RSA provided information on the top topics for this year’s conference. There were 10 common phrases used in RSA speaking submissions for 2016: Internet of Things, Industrial controls, Encryption, AI and machine... READ MORE

RSA: … But Now I See - A Vulnerability Disclosure Maturity Model

March 3, 2016  | Security News

In the application security world, we are all familiar with the BSIMM Maturity Model for determining what areas you need to invest in for application security.  Katie Moussouris, Chief Policy Officer at HackerOne, has created a maturity model for vulnerability disclosures. We aren’t talking about a model to determine your preparedness for a public vulnerability disclosure, like... READ MORE

RSA: Myth Busting the Security Landscape and Development Cycle

March 3, 2016  | Security News

This RSA session was actually two separate presentations dealing with the misconceptions in the security industry. The first, by Richard Stiennon, chief research analyst at IT-Harvest, focused on some of the misconceptions in the industry and used data from his analyst research to demonstrate why these beliefs are not true. The second part was given by Gary McGraw, CTO of Cigital, and dealt with the... READ MORE
