Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

AppSec Mistake No. 2: Ignoring Open Source Library Use

August 3, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the second in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. Open... READ MORE

The Art of Secure Code

August 1, 2018

We think a high-quality and highly secure app is a work of art. As with any artistic endeavor, it takes creativity, resources, training, and talent to create secure code. Maybe it’s a little bit of stretch to compare your software developers to Picasso, but we would argue that there are a lot of similarities between creating a great piece of secure code and a great piece of art. For example, both... READ MORE

AppSec Mistake No. 1: Using Only One Testing Type

July 30, 2018

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the first in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. The... READ MORE

What Security Pros Will Get Out of Our Virtual Summit on Open Source Risk

July 5, 2018

There has been a fundamental shift in the way code is developed in the past 15 to 20 years. Today, developers do far more re-using of existing code than creating code from scratch. Taking advantage of the millions of open source libraries available has become standard operating procedure. And this new model comes with tremendous benefits – both for developers, and for the business – allowing both... READ MORE

What the Veracode Verified Continuous Tier Looks Like

June 27, 2018

We recently announced our Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in time. In this way, your prospects and customers can rest assured that security was embedded... READ MORE

A Closer Look at the Veracode SourceClear Solution

June 26, 2018

The days of developers creating every line of code from scratch are over. The intense demand for newer, better software means development speeds have become correspondingly intense. In turn, developers need to rely on the pre-built functionality in open source libraries to keep up. The problem with this practice is that it also introduces a whole new layer of vulnerabilities into organizations’... READ MORE

Announcing the GA Release of SourceClear Custom Policies

June 13, 2018

We are very excited to announce the GA release of SourceClear Custom Policies. Custom Policies improves issue remediation and allows you to take greater control of your software delivery workflow. Why Do You Need Custom Policies? More than ever, development groups are relying heavily on open source software libraries to provide a rich feature set that can’t be built from scratch in a reasonable... READ MORE

What the Veracode Verified Team Tier Looks Like

June 5, 2018

We recently announced our Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in time. In this way, your prospects and customers can rest assured that security was embedded... READ MORE

[VIDEO] Top 5 Tips on Application Security Policies

May 2, 2018

Policies are a critical part of your application security program; you need them to frame your program, set goals, measure success, and report on progress. But they can also stall your program if they work against, and not with, developer processes and priorities. With the shift to DevOps, and developers working in a faster and more incremental way, it might be a good time to ensure your policy... READ MORE

What the Veracode Verified Standard Tier Looks Like

April 30, 2018

We recently revamped and relaunched our Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are moving away from attesting to the security of an application at one point in time, and, rather, attesting to the security of the overall development process of an application. In this way, your prospects and customers can rest... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu