Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Open Source Risk Continues to Challenge Organizations’ Software Security

By Laura Paine December 10, 2018

The pressure on software development teams to produce more software, and faster, is greater than ever before. This demand has necessitated heavy adoption of open source libraries and components, as they empower developers to reach production deadlines by adding functionality to their code without starting wholly from scratch. Download the State of Software Security Volume 9 Software Composition... READ MORE

Marriott Confirms Breach Impacts As Many As 500 Million Guests

By Laura Paine November 30, 2018

Marriott International has disclosed that the guest reservation database of its Starwood division has been breached, affecting as many as 500 million guests. The company has also confirmed that there has been unauthorized access to the Starwood network since 2014. According to a report from the BBC, for roughly 327 million guests, the attacker was able to access personally identifiable... READ MORE

Retailers Fix Software Flaws Quickly, Despite Continued Code Quality Issues

By Laura Paine November 27, 2018

The 2018 holiday shopping season is off to a record-breaking start, thanks to consumers’ growing comfort with making online purchases and an increasing number of retailers offering Black Friday pricing starting on Thanksgiving. In fact, in the first two days of the shopping season, online retailers saw nearly $10 billion in sales, with Adobe reporting that consumers in the U.S. alone spent $6.2... READ MORE

Instagram Bug Accidentally Reveals User Passwords

By Laura Paine November 20, 2018

Facebook and Instagram have been having a rough go of it this year. According to The Information, some Instagram users who made use of the platform's new feature received notification that their passwords were showing up in the URL of their web browsers. What's more, this information was also stored on Facebook's servers, causing a greater issue for anyone using a shared computer or an insecure... READ MORE

Quick Take: The Developer's Role in the Future of Secure Software Development

By Laura Paine November 19, 2018

The State of Software Security Volume 9 offers some of the most dramatic and concrete evidence to date on the positive effect DevSecOps practices have on the state of software security. The data showed consistently that the more an organization scans per year, the faster security fixes are made. The frequent, incremental changes brought forth by DevSecOps make it possible for these teams... READ MORE

Veracode at Black Hat Europe 2018

By Chris Wysopal November 16, 2018
Get details on Veracode's presence at Black Hat Europe 2018.

We recently published the 9th volume of our State of Software Security (SoSS) report, and although there are some bright spots, the overall state of software security remains a work in progress. Nowhere is this more true than in Europe. In separate research conducted earlier this year, we found that organizations in Europe are very aware of and concerned about application security. A staggering... READ MORE

State of Software Security Vol 9: Top 4 Takeaways for Developers

By Suzanne Ciccone November 8, 2018
Key takeaways on SoSS v9 for developers

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing... READ MORE

Quick Take: Chris Eng On The Security Practitioner's Role In The Future Of Secure Software Development

By Laura Paine October 22, 2018 | Security News

The State of Software Security Volume 9 highlights that the sheer volume of open flaws within enterprise applications is too staggering to tackle at once, which means that organizations need to find effective ways to prioritize which flaws they fix first. While many organizations are doing a good job prioritizing by flaw severity, data this year shows that they’re not effectively considering... READ MORE

Quick Take: Advancing AppSec Requires a Partnership Between Security and Development

By Laura Paine October 22, 2018 | Security News

The State of Software Security Volume 9 shows that the speed at which organizations fix flaws they discover in their code directly mirrors the level of risk incurred by applications. The faster organizations close vulnerabilities, the less risk software poses over time. In this quick take video, Chris Wysopal discusses how security and development teams can work together to reduce application... READ MORE

Quick Take: The State of Software Security in 2018

By Laura Paine October 22, 2018

The State of Software Security Volume 9 looks at both the good and bad news about the enterprise's progress on advancing application security. The data offers many signs of encouragement that organizations are incrementally moving the needle, though there is still plenty of work to be done to shore up application risk. In this quick take video, Chris Wysopal shares his views on the state of... READ MORE
