Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

Application Security Beyond Static Analysis

June 18, 2019  | Managing AppSec

table thead th, table tbody td, table tr td { border-left: 1px solid #e5e5e5; } .blog-home-page .content-wrapper table th { color: #000; } .table-overflow { overflow-x: auto; } There is no application security “silver bullet” – it takes a combination of testing types to effectively reduce your risk. Each testing method has a different role to play and works best when used in... READ MORE

Keys to Scaling Your Application Security Program

May 16, 2019  | Customer News

It’s best practice to kick off your AppSec inititive by starting small, scanning your most business-critical apps, and addressing the most severe flaws. But it’s also best practice to scale your program to eventually cover your entire app landscape, and all flaws. Why? First, because you can be breached through non-critical apps; JP Morgan was breached through third-party software supporting its... READ MORE

What Is Fix Rate, and Why Does It Matter?

April 25, 2019

Once your application security program is up and running, there are several metrics you can use to gauge your progress and optimize your program. For instance, companies typically measure their scan activity, flaw density, and policy compliance. However, very few include metrics for fix rate, despite the fact that it is an important indicator of a program’s success. Fix rate indicates how long it... READ MORE

What Goals Are Right for Your AppSec Program?

January 30, 2019

Clear objectives and goals are key to success for any initiative, and AppSec is no exception. But many organizations struggle to establish application security goals, or focus on the wrong goals to the detriment of their program. Below we outline factors to consider when creating goals for your application security program. Metrics At a high level, the goals for your AppSec program should focus... READ MORE

Did You Read Our Most Popular 2018 Blog Posts?

January 15, 2019

Every January, we get a lot of valuable insights by looking back at our most popular blog posts in the previous year, and 2018 was no exception. The posts that resonated the most last year paint a clear picture of topics most important to the security and development communities – from open source risk, to using AppSec as a competitive differentiator, to security’s new role in a DevOps world. The... READ MORE

Key Takeaways From SANS Report: Secure DevOps 2018: Fact or Fiction?

January 11, 2019

DevOps, with its focus on speed and incremental development, is changing the application security landscape. We’ve talked about this change a lot in the past couple years, and how security should fit into this picture. Now SANS is taking a look at how security actually is fitting into this DevOps picture in practice. In a recent survey, the sixth in a series of annual studies by SANS on security... READ MORE

How AppSec Reduces Unplanned Work

December 11, 2018

Unplanned work is the enemy of productivity – in all aspects of life. Any activity that pops up unexpectedly and eats up your time and resources is a productivity killer. You’ve probably experienced this at home – you drop your son at baseball practice, drive home, and then get a call that he left his glove at home and needs you to bring it to him. Or you’ve experienced it at work – an email is... READ MORE

State of Software Security Vol 9: Top 4 Takeaways for Developers

November 8, 2018

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing... READ MORE

State of Software Security Volume 9: Top 5 Takeaways for CISOs

October 30, 2018

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing today,... READ MORE

Application Security Mistake No. 6: Going It Alone

October 9, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the sixth and final post in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security... READ MORE

 

 

contact menu