Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Live From Gartner Security & Risk Mgmt Summit: Starting an AppSec Program, Part 2

By Chris Kirsch June 20, 2019  | Managing AppSec
Get details on Unum's journey to AppSec maturity.

This is part two of a two-part blog series on a presentation by Hooper Kincannon, Cyber Security Engineer at Unum Group, on “Secure from the Start: A Case Study on Software Security” at the Gartner Security & Risk Management Summit in National Harbor, MD. In this presentation, Hooper provided a great blueprint for starting a DevSecOps program. In part one, I summarized how Hooper got buy-in... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Starting a Web Application Security Program

By Chris Kirsch June 20, 2019  | Managing AppSec
Get advice on building out your AppSec program

Bootstrapping an application security program is hard. Technology is only one part of the equation. You need to inventory your applications, get stakeholders on board, and then execute on the holy trinity of people, process, and technology. That’s why I was excited to see Hooper Kincannon, Cyber Security Engineer at Unum Group, present on “Secure from the Start: A Case Study on Software Security... READ MORE

Live From Gartner Security & Risk Mgmt Summit: How to Approach Container Security

By Chris Kirsch June 19, 2019
Tips on container security from the Gartner Security & Risk Mgmt Summit

Container security is a topic most security practitioners still find confusing. It’s a new technology that’s spreading fast because of its numerous benefits, and security implications and solutions are evolving just as fast. That’s why I really appreciated Anna Belak’s session “Container Security – From Image Analysis to Network Segmentation” at the Gartner Security & Risk Management Summit in... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Pair Security Trainings With Technical Controls

Live from Gartner Security and Risk Mgmt Summit

“We often forget that technology cannot solve the world’s problems.” That was one of the opening lines of Joanna Huisman’s session “Magic Quadrant for Security Awareness Computer-Based Training” at the Gartner Security & Risk Management Summit in National Harbor, MD. While her Magic Quadrant doesn’t address DevSecOps trainings, I took away some valuable lessons that also apply to this area.... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Running Midsize Enterprise Security

By Chris Kirsch June 18, 2019
Live from the Gartner Security and Risk Management Summit

Over the past few months, I’ve experienced an increased interest in DevSecOps from midsize enterprises, so I was especially interested in attending Neil Wynne and Paul Furtado’s session “Outlook for Midsize Enterprise Security and Risk Management 2019” at the Gartner Security & Risk Management Summit in National Harbor, MD this week. 57 Percent of Midsize Enterprises Don’t Have a CISO Gartner... READ MORE

How Veracode Supports DevSecOps Methodologies With SaaS-based Application Security

By Laura Paine June 18, 2019

Most legacy applications were not developed with security in mind. However, modern businesses and organizations are continuing to undergo digital transformation in order to pursue new business models and revenue channels, as well as giving their customers or constituents a simplified experience. This often means selecting cloud-based tools and solutions that allow for the scalability necessary to... READ MORE

What the AMCA Data Breach Teaches Us About Modern Supply Chain Security

By Laura Paine June 10, 2019

The State of Software Security Volume 9 (SOSS Vol. 9) found that the healthcare industry, with its stringent regulations, received relatively high marks in many of the standard AppSec metrics. According to Veracode scan data, healthcare organizations ranked highest of all industries on OWASP pass rate on latest scan, coming in with a rate just over 55 percent. Our flaw persistence analysis shows... READ MORE

Quest Diagnostics Breached Through Third-Party Billing Collections Vendor

By Laura Paine June 3, 2019

Quest Diagnostics has reported that nearly 12 million patients may have been impacted by a breach into American Medical Collection Agency (AMCA), the medical testing company’s third-party billing provider. According to a data breach filing with the Security and Exchange Commission, as many as 11.9 million patients may have had their credit card, banking, medical information, and other personal... READ MORE

Three Veracode Leaders Honored Among CRN’s 2019 Women of the Channel

By Pete Daly May 22, 2019  | Security News

CRN®, a brand of The Channel Company, has announced it has named three Veracode leaders to its prestigious 2019 Women of the Channel list. The leaders on this annual list are from all areas of the IT channel ecosystem, representing technology suppliers, distributors, solution providers, and other IT organizations. Each honoree is recognized for her contributions to channel advocacy, channel... READ MORE

WhatsApp Releases Update Following Breach via Remote Code Execution Vulnerability

By Laura Paine May 14, 2019

On Monday, The Financial Times reported that attackers have been exploiting a buffer overflow vulnerability in the popular messaging service WhatsApp. The vulnerability has been fixed, and updates were released on Friday. WhatsApp, owned by Facebook, is urging both iPhone and Android users to update the app as soon as possible. Veracode’s State of Software Security Volume 9 found that buffer... READ MORE

 

 
