Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.

Posts by Tim Jarrett
  • Application Security? But I Have a WAF!

    Updated 4/16/2020. Originally published 12/28/2016. It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring…

  • Looking Ahead to RSA: Talking Open Source Components

    The marquee event of the security industry is fast approaching – the 2018 RSA Conference will take place in San Francisco April 16 to 20. This is a highlight of the year for all of us at Veracode, and we will have a major presence there, in part because of the sheer size of this event – both in terms of attendance and scale. It’s definitely the leading business-focused security show, and we know…

  • Best Practices for Complying with Emerging Application Security Regulations

    In a previous blog post, we discussed how the proliferation of data breaches has caught the attention of regulators, which are increasingly focused on cybersecurity and application security. Case in point: Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their…

  • What You Need to Know About the Latest Trends in AppSec Regulations

    As major data breaches continue to expose customers’ sensitive data and cause major monetary and reputation damage to organizations, regulators are taking notice. Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their scope and depth. Considering the prominence…

  • Announcing Updates to Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio

    We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual…

  • Veracode Visual Studio Extension, Now in the Visual Studio Marketplace

    Application security cannot be solved with a tool alone. There are significant organizational challenges, like gaining buy-in from various areas of your organization, helping developers to fix security flaws and making sure that security becomes part of the testing process. It’s truly a cultural shift. As such, adoption of application security will only be successful if you eliminate as much…

  • The Four(ish) Appsec Metrics You Can’t Ignore

    Metrics are important in application security, and not just because they allow us to quantify the otherwise unquantifiable work of reducing risk that application security teams do. Metrics provide us with a way to communicate the progress of an application security program, whether to a development team that needs encouragement, to senior management or the board who want to understand the value…

  • Protecting your code with an army of monkeys?

    I was at Gartner’s Security and Risk Management Summit in National Harbor, Maryland last week, and as always one of the best parts of the conference was the conversation that started after the analyst presentations were done. After one session on runtime application self protection (RASP), I found myself chatting with one attendee who asked, “How does RASP relate to the Simian Army?” My initial…

  • The Fog of War: How Prevalent Is SQL Injection?

    Security statistics are complicated, and there’s a lot of fog of war around some fundamental questions like: how common are SQL Injection flaws? A pair of interesting articles over the last day have illustrated some of the challenges with answering that question. A company called DB Networks announced that it had found an uptick in SQL Injection prevalence in 2014, which had appeared to be on a…

  • Announcing Automated Self-Service Provisioning From Veracode

    This is the second post about our 2012.2 release. On February 29, Veracode released its second service update of 2012. Our 2012.2 release has a bunch of features aimed at simplifying a variety of parts of rolling out and engaging users in an application security program, including provisioning users, working with flaws on the desktop, and getting developers engaged in the process of fixing…
