Joseph Feiman

Joseph Feiman is Chief Innovation Officer at Veracode. In this role, Joseph is responsible for advanced technologies that drive innovative detection and protection strategies. Joseph is a recognized industry leader with nearly two decades’ experience in application development and security, analyzing the market for Gartner Research.

Posts by Joseph Feiman
  • Technologies Designed or Transformed for DevSecOps-Enablement

    As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against… READ MORE

  • Critical Capabilities that DevSecOps Technologies Should Demonstrate

    As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (… READ MORE

  • Application Security Predictions for 2017 and Beyond

    As 2016 winds down, I’ve been reflecting on how far the application security market has come over the past 12 years I’ve been involved in the industry. We’ve come a long way. But as technology continues to evolve, so will application security. The growing trend of continuous development, increasing use of third-party and open-source components, and the surging number of applications means we will… READ MORE

  • How to Evaluate and Select Application Security Testing Vendors

    The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,… READ MORE

  • The Gap Between Development and Security Specialists Should Be Closed

    All too often, application development professionals believe that application security is not their responsibility. To make matters worse, this belief is shared by their managers and CIOs, and reinforced by organizational structures and job descriptions. When asked about application security, developers might say: They are responsible only for application functionality and quality. They are not… READ MORE

  • Evolution Toward DevSecOps: Failures and Successes

    As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose. Traditional application security technologies were not designed to work in a DevOps environment. Even from the DevOps name, it is obvious that DevOps-enabling tools should be designed for Development and Operations specialists. And for some… READ MORE

  • Why DevOps Is Not DevSecOps

    The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates.  This list misses the most… READ MORE

  • Why RASP does not negate the need for testing

    When one calls a technology “transformational” as I have with RASP, there are expectations that this technology will change the direction of a market. The market expects the solution to address a serious problem in such a way that the problem is made much smaller. One misconception is that this transformational technology will replace… READ MORE

  • What is real-time security and why it is needed

    Application security has emerged, evolved, matured and been adopted at the programming and testing phases of the application lifecycle, not at its operation phase. Technologies for application protection at the operation phase have been adopted to a lesser degree, and even then only with some stipulation. This can be explained.… READ MORE

  • Why I came to Veracode

    Recently Veracode announced that I had left my position as a Research VP and Fellow at Gartner to join the company in its pursuit of securing the world’s software.  Some may ask, “why after almost two decades of helping shape the security market, have I decided to leave Gartner and work with a vendor?” I did not take the decision lightly,… READ MORE
