Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at CA Veracode. A Grammy-award winning product professional, he joined CA Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.

Posts by Tim Jarrett

Looking Ahead to RSA: Talking Open Source Components

March 23, 2018

The marquee event of the security industry is fast approaching – the 2018 RSA Conference will take place in San Francisco April 16 to 20. This is a highlight of the year for all of us at CA Veracode, and we will have a major presence there, in part because of the sheer size of this event – both in terms of attendance and scale. It’s definitely the leading business-focused security show, and we... READ MORE

Best Practices for Complying with Emerging Application Security Regulations

August 14, 2017  | Managing AppSec

In a previous blog post, we discussed how the proliferation of data breaches has caught the attention of regulators, which are increasingly focused on cybersecurity and application security. Case in point: Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their... READ MORE

What You Need to Know About the Latest Trends in AppSec Regulations

August 8, 2017  | Managing AppSec

As major data breaches continue to expose customers’ sensitive data and cause major monetary and reputation damage to organizations, regulators are taking notice. Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their scope and depth. Considering the prominence... READ MORE

Announcing Updates to CA Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio

July 24, 2017  | Secure Development

We are pleased to announce updates to the CA Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The... READ MORE

CA Veracode Visual Studio Extension, Now in the Visual Studio Marketplace

March 28, 2017  | Customer News

Application security cannot be solved with a tool alone. There are significant organizational challenges, like gaining buy-in from various areas of your organization, helping developers to fix security flaws and making sure that security becomes part of the testing process. It’s truly a cultural shift. As such, adoption of application security will only be successful if you eliminate as much... READ MORE

Application Security? But I Have a WAF!

December 28, 2016  | Intro to AppSec

It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring out how to fix them? The “appliance throwing”... READ MORE

5 Ways to Keep Your Applications Safe From Vulnerable Components

December 1, 2016  | Secure Development

In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications... READ MORE

How One Open Source Component Put Up to 25% of Java Applications at Risk

November 30, 2016  | Secure Development

In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of... READ MORE

Why the Ransomware Attack on San Francisco Is Such a Big Deal

November 29, 2016  | Secure Development

The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for... READ MORE

Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?

November 29, 2016  | Managing AppSec

For years, organizations have “checked the box” by doing the minimum to meet security standards like PCI and FS-ISAC, but a rising tide of breaches has caused most auditors to look more seriously at organizations’ security practices, including the security of open source components. Do your developers use open source components? Are you prepared to answer regulators about their safety?... READ MORE
