Skip to main content

Managing AppSec

Discover how to manage your application security program with expert guidance on measuring AppSec success and improving the security of your software.

  • In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, and HHS noted the discovery of, “…credible information of an READ MORE

Stay up to date on Application Security

  • When conducting research for this year’s State of Software Security report, we looked at how “nature” and “nurture” contribute to the time it takes to close out a security flaw. For the “nature” side, we looked at attributes that we cannot change, like application size or age. For “nurture,” we looked at application attributes we can change, like security scan frequency and cadence. We found that READ MORE

  • As a security professional reading through version 11 of our State of Software Security (SOSS) report, the first statistic that probably stands out to you is that 76 percent of applications have security flaws. It’s encouraging to see that only 24 percent of those security flaws are high-severity, but ultimately, having security flaws in more than three-fourths of applications means there is READ MORE

  • Last year, the PCI Security Standards Council published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard as a part of a new PCI Software Security Framework (SSF), also referred to as PCI S3. The SSF offers objective-focused security best practices that outline what a good application security program looks like, with consideration for both traditional READ MORE

  • Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors READ MORE

  • Veracode’s Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, READ MORE

  • Cyberattackers and threat actors won’t take a break and wait for you to challenge them with your security efforts – you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It’s critical that you stand up an AppSec program covering all the bases, from which roles each team member will have to alignment on KPIs and goals, and even a detailed READ MORE

  • We are excited to announce the launch of our new partner training and certification paths, open to all authorized Veracode partners. Based on partner feedback, we have designed these paths to provide a deeper understanding of the Veracode story and technical details around application security (AppSec). By enlisting in our training and certification paths, we enable partners to expand their READ MORE

  • Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But – shockingly – less than half of these organizations have invested in specific security controls to scan for open source READ MORE

  • Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also it helps you prove your ROI. That can be a challenge for a lot of organizations – when stakeholders are not close to the data, they may miss milestones like hitting goals for reducing security debt or even how much AppSec program has READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.