Laura Paine

Laura Paine is the senior content developer at Veracode, based in Burlington, MA. In this role, she is responsible for research, including publishing Veracode's annual State of Software Security Report, current events, and product content for the company blog. Prior to taking this role in content marketing, she was the global public relations and analyst relations manager.
Posts by Laura Paine

How Many Web Applications Does Your Organization Have? It’s More Than You Think

April 2, 2019

“Automation has saved a tremendous amount of time. We went from a day per app to review and now we are essentially reviewing through automation 18,000 scans a day with only 20 AppSec engineers. You do the math — 18,000 deploys a day with 20 engineers — you can’t scale that manually.” – Senior manager application and cloud security, insurance, The Total Economic ImpactTM of the Veracode... READ MORE

Why You Should Reconsider Prioritizing High Severity Vulnerabilities in Your Fix Schedule

February 22, 2019

Veracode Not all Vulnerablities are Created Equal SCA Open Source

When it comes to vulnerabilities, there is a range of severity and exploitability, which often dictates how quickly a flaw is fixed upon discovery. Most companies prioritize high severity and critical vulnerabilities, but ignore lower severity vulnerabilities. The highest severity flaws are less complicated to attack, offer more opportunity for full application compromise, and are more likely to... READ MORE

Ohio Senate Bill 220 Incentivizes Businesses to Maintain Higher Levels of Cybersecurity

February 6, 2019

Veracode Ohio SB 220 Data Protection Act

In the last two years alone, there has been a number of high-profile breaches that have given organizations pause, asking them to consider whether the same kind of event could happen to them. After all, a cybersecurity breach could seriously damage or even level your business if you’re not prepared and do not have the appropriate security programs in place. We’ve seen the implementation of the... READ MORE

The Top Cybersecurity Breaches of 2018

January 14, 2019

The past year was a wild ride on many fronts, and it included some of the biggest data breaches we’ve seen in recent history. According to a report from Business Insider, some of the biggest victims in 2018 were T-Mobile, Quora, and Orbitz. Millions of people around the world were left vulnerable, as hackers accessed and stole their personal information – which in some cases included passport... READ MORE

Marriott Confirms Less Than 383 Million Unique Guests Affected in Starwood Data Breach

January 7, 2019

Veracode Marriott Starwood Hotel Breach November 2018

Marriott has confirmed that the number of guests affected in the breach of Starwood’s guest reservation database is down from the originally estimated 500 million to “fewer than 383 million unique guests.” At this time, the hotel giant is unable to confirm an exact number of guests impacted. According to the statement, approximately 5.25 million unique unencrypted passport numbers and 20.3... READ MORE

Hackers Exploit Known Google Chromecast Vulnerability in Thousands of Devices

January 3, 2019

Veracode Google Chromecast PewDiePie Hack

Starting the New Year off with a bang, Hacker Giraffe and J3ws3r reportedly exploited a vulnerability in thousands of Google Chromecast streaming devices. The CastHack bug, allegedly disclosed nearly five years ago, enabled the hackers to remotely access thousands of the streaming devices, causing them to show a pop-up notice on connected TVs alerting users that their misconfigured router is... READ MORE

Carnegie Mellon’s Software Engineering Institute Report Shows Efficacy of Static Application Security Testing

December 21, 2018

A new report from Carnegie Mellon University’s Software Engineering Institute shows that automated, integrated Static Analysis improves software quality, reduces development time, and makes software more reliable and secure. By incorporating application security testing throughout the entirety of the Software Development Lifecycle (SDLC), organizations are able to ensure the security and quality... READ MORE

Indictment of Chinese Hackers Underscores Need for Stronger Cybersecurity

December 20, 2018

Veracode Chinese Hackers Indicted Spearphishing

According to a newly unsealed indictment, two Chinese nationals working with the Chinese ministry of state security have been charged with hacking a number of U.S. government agencies and corporations. The court filing indicates that Zhu Hua and Zhang Jianguo, members of Advanced Persistent Threat 10 (APT10), used phishing techniques in order to steal intellectual property, confidential business... READ MORE

These Silent Fixes are Silent Killers in Open Source Security

December 17, 2018

Veracode Open Source Silent Killer Silent Fix

When it comes to open source software, it’s natural for development and security leaders to want to know that the code they’re using is secure. Historically, they’ve relied on traditional software composition analysis solutions and the National Vulnerability Database to mine for open source issues. Yet there is a little-discussed fact that open source begets open source. We know that developers... READ MORE

An Avoidable Breach That Could Happen to Any Organization

December 12, 2018

Following a 14-month investigation into the Equifax breach that affected 148 million consumers around the world, a new report from a House Oversight and Government Reform Committee has concluded that the breach was entirely preventable. According to the report, Equifax “failed to fully appreciate and mitigate its cybersecurity risks” and if it had taken action, “the data breach could have been... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu