Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.
Posts by Tim Jarrett

The Elephant in the Room is Compliance

January 6, 2015

The C-word - compliance - is one that has a mixed reception in application security circles. While some observers, like Verizon, say that there’s a correlation between compliance efforts like PCI and reduced likelihood of breach, others see compliance efforts as not doing enough to move the needle on application security. But the fact remains that if you’re trying to run a supply chain... READ MORE

Collaborate to Innovate

September 10, 2014

Supply chain management may conjure thoughts of enterprises driving business relationships with an iron hand - think of Walmart’s legendary purchasing power driving innovation into its suppliers. But some supply chain transformations occur through collaboration between the supplier and the enterprise in support of meeting the enterprise’s goal. In green supply chain transformations, there are... READ MORE

Use Software Suppliers as Force Multipliers

August 14, 2014

One of the most alarming facts of modern software, considering the deep insecurity of most software, is the degree to which it is composed of many other software components of varying origin and unknown security. Almost every enterprise software portfolio has internally developed, purchased, outsourced and open source software; but almost every application in a... READ MORE

Put Your Efforts Where They Do the Most Good

August 7, 2014

When doing anything challenging, whether it’s a diet or writing a book, the hardest part can be figuring out where to start. Addressing software supply chain security is no different. The typical organization has 390 business critical applications that are supplied by third parties, to say nothing of the multitudes of marketing web sites, operational sites,... READ MORE

How to Choose the Right Software Suppliers

July 30, 2014  | Managing AppSec

When you think about securing your software supply chain, don’t reinvent the wheel: you can learn a lot from initiatives like the “green” supply chain. When undertaking something as momentous as driving a new buying criterion into the purchase of software, enterprises would be advised to start practically, by choosing suppliers who are already... READ MORE

Introduction, or How Securing the Supply Chain is like “Going Green”

July 22, 2014

Application security is, as any practitioner will tell you, a hard technical and business problem unlike any other. The best advice for successfully securing software is usually to avoid thinking about it like any other problem — software security testers are not like quality assurance professionals, and many security failures arise when developers think conventionally about use cases rather than... READ MORE

Announcing the Veracode Video Survey: What do YOU think?

May 1, 2014

It seems that everyone working in information security today has an opinion about how enterprises can best secure their application infrastructures. That’s why we here at Veracode decided to tap the “wisdom of crowds” and ask security folks their opinions on some hairy industry topics. Where better to catch these thought leaders than at the recent RSA Conference 2014, held in San Francisco? So it... READ MORE

Announcing Automated Self-Service Provisioning From Veracode

March 20, 2012

This is the second post about our 2012.2 release. On February 29, Veracode released its second service update of 2012. Our 2012.2 release has a bunch of features aimed at simplifying a variety of parts of rolling out and engaging users in an application security program, including provisioning users, working with flaws on the desktop, and getting developers engaged in the process of fixing... READ MORE

The Benefits of Closed Loop Development

February 13, 2012

"On January 31, Veracode released our first platform update of 2012, including new scans for iOS, improved eLearning progress tracking and reporting, additional API methods, and better communication of expected turnaround times for applications." That was the headline of the release announcement that went out to our opted-in Veracode users about two weeks ago, and it does a pretty good... READ MORE

Top Ten Java Frameworks Observed in Customer Applications

January 31, 2012  | Research

One of the great things about the Veracode platform is the insight we get from examining our anonymized customer data - not only information about the vulnerability landscape (as published in the State of Software Security report) but insight into the composition of the applications that we scan. As I alluded in my last post, one of the things we record when scanning applications is the presence... READ MORE


