Jim has been an application security practitioner for about 10 years and now manages the Application Security Consulting group at Veracode. He holds a postgraduate degree in computer science from RPI, with a specialization in software engineering. Prior to joining Veracode, Jim developed software for consumer broadband, nuclear power generation SCADA systems, and multimedia content delivery for mobile devices.
As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed by…
- How to Help Developers Accept and Embrace Security Testing (February 14, 2017 | Secure Development)
  In previous posts in this blog series, I've explained that AppSec teams should have empathy for developers as they go through the stages of grief after an unfavorable security assessment of their code. In this post, we wrap up by discussing how to get developers to move through the final two stages – from bargaining to acceptance. Bargaining: "We have a firewall that handles this." The bargaining…
- A Developer’s Stages of Grief After a Failed Security Assessment (February 13, 2017 | Secure Development)
  After nearly 10 years as a security consultant, I've talked to thousands of developers about remediating security flaws in their code. It's not always an easy conversation, and developers have a wide range of emotional reactions, not all of them good. The fact is, developers are increasingly responsible for quality assurance and security testing of their code, tasks that didn’t used to be part of…
- AppSec Managers Should Have Empathy for Developers (February 10, 2017 | Secure Development)
  Developers don't always respond well to security assessments that highlight flaws in their code. With a little bit of empathy, it's not hard to understand why developers might react with frustration, annoyance, or even hostility. Security testing should be a dispassionate and routine part of the software development lifecycle – application security professionals will tell you it’s never personal…