Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

A Closer Look at Security’s Role in a DevSecOps Organization

mspencer's picture
By Milena Spencer July 5, 2018
How does DevSecOps change the security role?

In February, we hosted a virtual summit titled “Assembling the Pieces of the DevSecOps Puzzle.” The goal of the summit was to provide organizations with tools and information to implement a DevSecOps strategy in their organization—and make the shift from theory into practice.  In his educational webinar at the summit, Chris Wysopal—Veracode’s CTO and co-founder—tackles an important,... READ MORE

A Security Champion in the Developer Midst May Just Solve the Secure Code Conundrum

eschuman's picture
By Evan Schuman July 3, 2018
How to use your security resources more efficiently with developer security champions.

The enterprise challenge in generating secure code is well known: as software becomes a competitive advantage and customers expect regular updates, the need to release new features and content frequently often trumps the need to release secure code. Although that's a true conflict, it's not the full story. Psychology can play almost as big a role, with security teams often perceived by developers... READ MORE

AppSec Policies: Get With the Times

mspencer's picture
By Milena Spencer July 2, 2018
Make sure your AppSec policy is keeping pace with your development team.

In February, we hosted a virtual summit titled “Assembling the Pieces of the DevSecOps Puzzle.” The goal of the summit was to provide organizations with tools and information to implement a DevSecOps strategy and move it from theory into practice.  During one of the summit’s webinars, Pejman Pourmousa, VP of Program Management at Veracode, explained the importance of rethinking AppSec... READ MORE

What the Veracode Verified Continuous Tier Looks Like

sciccone's picture
By Suzanne Ciccone June 27, 2018
What does it take to reach the Continuous Verified tier?

We recently announced our Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in time. In this way, your prospects and customers can rest assured that security was embedded... READ MORE

A Closer Look at the Veracode SourceClear Solution

sciccone's picture
By Suzanne Ciccone June 26, 2018
Details on the features of our SourceClear solution

The days of developers creating every line of code from scratch are over. The intense demand for newer, better software means development speeds have become correspondingly intense. In turn, developers need to rely on the pre-built functionality in open source libraries to keep up. The problem with this practice is that it also introduces a whole new layer of vulnerabilities into organizations’... READ MORE

Announcing the GA Release of SourceClear Custom Policies

sciccone's picture
By Suzanne Ciccone June 13, 2018

We are very excited to announce the GA release of SourceClear Custom Policies. Custom Policies improves issue remediation and allows you to take greater control of your software delivery workflow. Why Do You Need Custom Policies? More than ever, development groups are relying heavily on open source software libraries to provide a rich feature set that can’t be built from scratch in a reasonable... READ MORE

Maximizing the Bang for Your Security Training Buck

eschuman's picture
By Evan Schuman June 8, 2018
Learn more about AppSec training from our VP of engineering.

Training developers on application security is critical to the success of every security program, but many companies deploy training improperly or insufficiently, argues Maria Loughlin, VP of Engineering at Veracode. Companies can increase the bang for their training buck by matching their training delivery and curriculum to the needs of their organization. Consider the channel A successful... READ MORE

What the Veracode Verified Team Tier Looks Like

sciccone's picture
By Suzanne Ciccone June 5, 2018
A closer look at the Veracode Verified Team tier

We recently announced our Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in time. In this way, your prospects and customers can rest assured that security was embedded... READ MORE

IT Is Finally Embracing DevSecOps

eschuman's picture
By Evan Schuman May 31, 2018
Why the shift toward DevSecOps is picking up speed

It’s taken quite some time to get here, but enterprise IT execs are finally embracing DevSecOps. The latest indicator that it’s happening is the 2018 Gartner Magic Quadrant for Application Security Testing, which predicted in March that “by 2019, more than 50% of enterprise DevOps initiatives will have incorporated application security testing (AST) for custom code, an increase from fewer than 10... READ MORE

Optimizing Your Approach to Securing Software Components

Neil's picture
By Neil DuPaul May 30, 2018  | Managing AppSec

The business world increasingly runs on software. It's on computers, in machines and embedded in almost every electronic device available. Today, the typical enterprise runs 372 mission critical applications. Remarkably, data shows that 75 percent of third-party applications don’t comply with OWASP Top 10 security policies, and 97 percent of all scans identify at least one component with a known... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu