Sean is part of the customer success team at Veracode. He helps address customer issues and handles our support desk.
- Introducing Python Support
On our journey to ensure all open-source is being used safely, we have taken a step forward by adding language support for a growing community of developers. I am happy to announce that you can now scan your Python 2 applications and see if they are using vulnerable open-source libaries. We mirror PyPi packages in our library catalog, and already have hundreds of Python vulnerabilities cataloged… READ MORE
Stay up to date on Application Security
- Why Relying On the NVD is Not Good For Open-Source Security Tools
In part 1 of this blog series, I showed why it probably is not a good idea to use CPEs when trying to identify vulnerabilities in your code. Proper library identification is obviously crucial when trying to figure out what kind of nasty exploits might be hiding in that rails app you created 3 years ago (there are at least 20 vulnerabilities associated with all 3.x versions of rails) but a more… READ MORE
- Using CPEs for Open-Source vulnerabilities? Think Again
As a Customer Success Engineer, I spend a lot of time doing product demos and helping with configurations/customizations. I often get asked in demos something along the lines of “I was trying tool 'x' or tool 'y' which uses CPE’s and the NVD. What do you think of that?”. The other day I was asked the same question over email and so thought I would share my reply (edited for this blog of course).… READ MORE
Application Security Tool Kit
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
No thanks, back to the article please.