Jessica Lavery

Jessica is part of the content team at CA Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro and Sophos, where she held roles in corporate communication and marketing.
Posts by Jessica Lavery

AppSec Is a Major Concern, But Still Not a Top Priority

July 16, 2015

Imagine this scenario: Your brother tells you he is very concerned because the brakes on his car haven't been working right lately – but he just doesn't have time to get to the mechanic. It is important he gets to work quickly, and putting his car in the shop will slow him down. What would you say? You'd probably offer to let him borrow your car – right after you slap him... READ MORE

OPM Breach: How Far Does the Rabbit Hole Go?

July 6, 2015

We recently released the "State of Software Security Volume 6: Focus on Industry Verticals." This is the first State of Software Security report that has a specific focus on industry trends, and some of the results are causing me to have déjà vu. For example, compare this recent headline from Re/Code: "Why the Federal Government Sucks at Cyber Security" to a ZDNet article... READ MORE

Ignore At Your Own Peril: Popular Third-party Applications Can have Vulnerabilities Too

June 24, 2015

Adobe has issued emergency patches to address a critical vulnerability in Flash Player versions 16.0.0.287 and earlier for Windows and Macintosh systems. The vulnerability, CVE-2015-0311, has been exploited in the wild, via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. The vulnerability can potentially allow... READ MORE

Insurance Industry Is Under Attack by Cybercriminals

June 10, 2015

Security isn't easy, and with cybercriminals, or at least one specific group, targeting insurance agencies -- it just got tougher for the industry. The CareFirst breach is the latest in a string of insurance company breaches. Attackers gained access to names, birth dates, email addresses and insurance identification numbers for approximately 1.1 million... READ MORE

The Elephant in the Room: Why Enterprises Are Finally Discussing Third-Party Security

June 9, 2015

We are seeing increased attention on application security in terms of the security of applications companies build. But when it comes to the applications that companies buy, strategies at most companies remain fragmented and ineffective. These plans depend on questionnaires regarding the application security practices at the vendor – which means the enterprise must trust that the vendor is... READ MORE

How Organized Was Your Heartbleed Response?

June 2, 2015  | Managing AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past 18 months. With so many branded vulnerabilities coming out, executives are paying more attention to application security. This is great, except that it also means CISOs and security professionals are under increased pressure to react to vulnerability disclosures,... READ MORE

How CISOs Can Make a Better Case For Security

May 26, 2015

As more enterprises become digital businesses and rely on applications to keep pace with innovation, the value of security will continue to grow. However, CISOs often struggle with non-IT executive communication and demonstrating how their programs provide value. For enterprises to remain competitive in this application economy, it is up to CISOs to communicate how... READ MORE

CISO Corner: Barry Caplin, VP, Chief Information Security Official, Fairview Health Services

May 22, 2015

I spoke with Barry Caplin, VP, Chief Information Security Official, Fairview Health Services, at length regarding his security philosophy and the changing role of the CISO. Our conversation can be found here: Who were some of the early influencers in your career? Barry: "I've worked under some great leaders, yet I don't think there is any single person who significantly shaped my... READ MORE

VENOM – Not as Deadly as a Heartbleed

May 13, 2015  | Security News

This morning, CrowdStrike issued a vulnerability disclosure for CVE-2015-3456 — branded VENOM (Virtualized Environment Neglected Operations Manipulation). VENOM is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. I’ve seen a few articles from reputable outlets claiming that the vulnerability is “bigger than Heartbleed.... READ MORE

Even Software From a Large Supplier Can Have Vulnerabilities

May 12, 2015

The software an enterprise buys can introduce just as much risk into the organization as the software the enterprise builds itself. However, even enterprises that have mature secure development processes are prone to inadequately securing their software supply chain. Why? Because ensuring the software an enterprise is purchasing is secure is hard. Typical software supply chain security programs... READ MORE
