Joseph Feiman

Joseph Feiman is Chief Innovation Officer at Veracode. In this role, Joseph is responsible for advanced technologies that drive innovative detection and protection strategies. Joseph is a recognized industry leader with nearly two decades’ experience in application development and security, analyzing the market for Gartner Research.
Posts by Joseph Feiman

Technologies Designed or Transformed for DevSecOps-Enablement

March 8, 2017  | Managing AppSec

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against... READ MORE

Critical Capabilities that DevSecOps Technologies Should Demonstrate

February 28, 2017  | Managing AppSec

As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (... READ MORE

Application Security Predictions for 2017 and Beyond

December 6, 2016  | Managing AppSec

As 2016 winds down, I’ve been reflecting on how far the application security market has come over the past 12 years I’ve been involved in the industry. We’ve come a long way. But as technology continues to evolve, so will application security. The growing trend of continuous development, increasing use of third-party and open-source components, and the surging number of... READ MORE

How to Evaluate and Select Application Security Testing Vendors

December 5, 2016  | Intro to AppSec

The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,... READ MORE

The Gap Between Development and Security Specialists Should Be Closed

November 8, 2016  | Managing AppSec

All too often, application development professionals believe that application security is not their responsibility. To make matters worse, this belief is shared by their managers and CIOs, and reinforced by organizational structures and job descriptions. When asked about application security, developers might say: They are responsible only for application functionality and quality. They are not... READ MORE

Evolution Toward DevSecOps: Failures and Successes

September 13, 2016  | Secure Development

As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose. Traditional application security technologies were not designed to work in a DevOps environment. Even from the DevOps name, it is obvious that DevOps-enabling tools should be designed for Development and Operations specialists. And for some... READ MORE

Why DevOps Is Not DevSecOps

August 25, 2016  | Intro to AppSec

The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates.  This list... READ MORE

Why RASP does not negate the need for testing

February 22, 2016  | Managing AppSec

... one calls a technology “transformational” as I have with RASP, there are expectations that this technology will change the direction of a market. The market expects the solution to address a serious problem in such a way that the problem is made much smaller. One misconception is that this transformational... READ MORE

What is real-time security and why it is needed

January 29, 2016  | Intro to AppSec

Application security has emerged, evolved, matured and adopted at the programming and testing phases of application lifecycle, not at its operation phase. Technologies for application protection at the operation phase have been adopted at lesser degree and even then they are only adopted with some stipulation. This can be explained. Adopting application assessment/... READ MORE

Why I came to Veracode

January 5, 2016  | Customer News | Security News 3

Recently Veracode announced that I had left my position as a Research VP and Fellow at Gartner to join the company in its pursuit of securing the world’s software.  Some may ask, “why after almost two decades of helping shape the security market, have I decided to leave Gartner and work with a vendor?” I did not take the decision lightly, and... READ MORE
