Skip to main content

Joseph Feiman

Joseph Feiman is Chief Innovation Officer at Veracode. In this role, Joseph is responsible for advanced technologies that drive innovative detection and protection strategies. Joseph is a recognized industry leader with nearly two decades’ experience in application development and security, analyzing the market for Gartner Research.

Posts by Joseph Feiman
  • Technologies Designed or Transformed for DevSecOps-Enablement

    As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against… READ MORE

Stay up to date on Application Security

  • Critical Capabilities that DevSecOps Technologies Should Demonstrate

    As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (… READ MORE

  • How to Evaluate and Select Application Security Testing Vendors

    The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,… READ MORE

  • The Gap Between Development and Security Specialists Should Be Closed

    All too often, application development professionals believe that application security is not their responsibility. To make matters worse, this belief is shared by their managers and CIOs, and reinforced by organizational structures and job descriptions. When asked about application security, developers might say: They are responsible only for application functionality and quality. They are not… READ MORE

  • Why RASP does not negate the need for testing

    When one calls a technology “transformational” as I have with RASP, there are expectations that this technology will change the direction of a market. The market expects the solution to address a serious problem in such a way that the problem is made much smaller. One misconception is that this transformational technology will replace all previous technologies aiming to solve the same problem.… READ MORE

  • What is real-time security and why it is needed

    Application security has emerged, evolved, matured and adopted at the programming and testing phases of application lifecycle, not at its operation phase. Technologies for application protection at the operation phase have been adopted at lesser degree and even then they are only adopted with some stipulation. This can be explained.… READ MORE

  • Why I came to Veracode

    Recently Veracode announced that I had left my position as a Research VP and Fellow at Gartner to join the company in its pursuit of securing the world’s software.  Some may ask, “why after almost two decades of helping shape the security market, have I decided to leave Gartner and work with a vendor?” I did not take the decision lightly,… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.