John Zorabedian
John Zorabedian is a blogger, content marketer, and research editor. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.Posts by John Zorabedian
NYDFS Cybersecurity Regulation Transition Period Ends
February 23, 2018 | Managing AppSec
March 1, 2018 marks the end of the one-year transition period for the New York Department of Financial Services (NYDFS) cybersecurity regulation. The passage of this date means affected organizations — including banks, insurance companies, and other financial services companies licensed by or operating in New York State — must be in compliance with a raft of security rules intended to protect non... READ MORE›
Research Report: DevSecOps Provides a Competitive Edge
January 23, 2018 | Research
Veracode has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development process... READ MORE›
The Biggest Cybersecurity Stories, Breaches and AppSec Lessons of 2017
December 22, 2017 | Customer News
The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures needed... READ MORE›
AppSec in Review Podcast: How Developers Respond to Security Findings
December 5, 2017 | Secure Development | Research
We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and... READ MORE›
What Developers Need to Know About the State of Software Security Today
November 28, 2017 | Research
We recently published our annual research report, the State of Software Security, analyzing data from 400,000 application scans over 12 months spanning 2016 and 2017. Now we’re issuing a State of Software Security Developer Guide, featuring additional data and analysis aimed at helping developers meet the goal of creating great software that’s also secure software. This report offers the... READ MORE›
OWASP Top 10 Updated for 2017: Here’s What You Need to Know
November 20, 2017 | Secure Development
For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE›
How to Connect With AppSec and Developer Peers in the Veracode Community
October 31, 2017 | Managing AppSec
Security professionals and developers have different roles, responsibilities, and skills, but a common goal in securing applications. Yet there aren't many places to connect with peers, who are among your best resources for solving AppSec and DevSecOps challenges. That's why we created the Veracode Community. The Veracode Community is a destination for developers and AppSec professionals to share... READ MORE›
What's New in the State of Software Security 2017 Report
October 18, 2017 | Security News
In the past year, we’ve seen an unprecedented series of cyber assaults on democratic elections, ransomware attacks that spread around the world affecting hundreds of thousands of systems in more than 150 countries, and record-breaking data breaches. If we’re going to address this growing crisis effectively, we need a probing inspection of root causes, and fearless prescriptions for new ways... READ MORE›
How Third-Party and Open Source Components Build Hidden Risk Into Software
September 25, 2017 | Secure Development
Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE›
Veracode Survey Research Identifies Cybersecurity Skills Gap Causes and Cures
August 17, 2017 | Security News
The shortage of cybersecurity professionals is on pace to reach 1.5 million empty positions globally by 2020, according to Frost & Sullivan. Yet, as the digital economy relies on rapid innovation in software, the growing demand for developers with security skills is also dangerously outpacing supply. Now, a survey of development and IT professionals, conducted by Veracode and DevOps.com, has... READ MORE›
