Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

State of Software Security Vol 9: Top 4 Takeaways for Developers

November 8, 2018

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing...

State of Software Security Volume 9: Top 5 Takeaways for CISOs

October 30, 2018

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing today,...

Application Security Mistake No. 6: Going It Alone

October 9, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the sixth and final post in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

Application Security Mistake No. 5: Lack of Buy-In

September 13, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the fifth in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

Veracode Users Talk About Selecting an AppSec Solution

September 10, 2018

With the shift to DevSecOps, developers are now primarily responsible for security testing in the early phases of the SDLC. If developers are conducting security testing, the old rules for selecting an application security solution no longer apply. What do application security selection criteria look like in a DevSecOps world? Veracode users are talking about this shift and their new selection...

“Shifting Left” Requires Remediation Guidance

September 7, 2018

Shifting security “left” is about more than simply changing the timing of testing. When security shifts to earlier phases of the development lifecycle, it also changes the players responsible for conducting the testing and addressing the results. In the not-so-distant past, the security team would conduct most security testing late in the software development process, pass the results back “over...

Application Security Mistake No. 4: Ignoring AppSec Policies

August 30, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

Trends in Open Source Security

August 28, 2018

We recently held a Virtual Summit centered on the topic of open source library use and risk. Mark Curphey, Veracode’s VP of Strategy, gave the keynote address on trends in this space. Curphey, who is also the founder of OWASP and previously CEO of SourceClear (recently acquired by Veracode), believes that we are at a fundamental turning point in application security. He sees this shift stemming...

AppSec Mistake No. 3: Neglecting to Integrate AppSec Into Developer Processes

August 15, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

AppSec Mistake No. 2: Ignoring Open Source Library Use

August 3, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the second in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. Open...
