Authors

Jim Jastrzebski

Jim has been an application security practitioner for about 10 years and now manages the Application Security Consulting group at Veracode. He holds a postgraduate degree in computer science from RPI, with a specialization in software engineering. Prior to joining Veracode, Jim developed software for consumer broadband, nuclear power generation SCADA systems, and multimedia content delivery for mobile devices.

Posts by Jim Jastrzebski

5 Ways Veracode Helps You Fix Software Flaws

August 2, 2017 | Customer News

As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed by... READ MORE›

Stay up to date on Application Security

How to Help Developers Accept and Embrace Security Testing

February 14, 2017 | Secure Development

In previous posts in this blog series, I've explained that AppSec teams should have empathy for developers as they go through the stages of grief after an unfavorable security assessment of their code. In this post, we wrap up by discussing how to get developers to move through the final two stages – from bargaining to acceptance. Bargaining: "We have a firewall that handles this.... READ MORE›

A Developer’s Stages of Grief After a Failed Security Assessment

February 13, 2017 | Secure Development

After nearly 10 years as a security consultant, I've talked to thousands of developers about remediating security flaws in their code. It's not always an easy conversation, and developers have a wide range of emotional reactions, not all of them good. The fact is, developers are increasingly responsible for quality assurance and security testing of their code, tasks that didn’t used... READ MORE›

AppSec Managers Should Have Empathy for Developers

February 10, 2017 | Secure Development

Developers don't always respond well to security assessments that highlight flaws in their code. With a little bit of empathy, it's not hard to understand why developers might react with frustration, annoyance, or even hostility. Security testing should be a dispassionate and routine part of the software development lifecycle – application security professionals will tell you it’s never personal... READ MORE›

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.

*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.