As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers.
Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team. Pete also spearheaded…
The rise of DevOps has given rise to a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to developers who can do it all. So what does it take to thrive in a…
I’ve been a software engineer for over 25 years. Over that time, there has been a pendulum in the industry that swings between demand for developers as specialists or generalists. As new architectures, development methodologies, and organizational structures emerge, development teams need…
Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know.
When I was actively developing enterprise software, I would visit the…
This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code…
