News

Our latest business and technology news


In the News Dec 14 2017 eSecurity Planet

Just 28 Percent of Business Leaders Have Heard of the Equifax Breach

Only 28 percent of business leaders have heard of the Equifax breach, just 31 percent are aware of the 2014 eBay data breach, and just 34 percent have heard of WannaCry ransomware, a recent CA Veracode survey of 1,403 business leaders in the U.S., the U.K. and Germany found.

In the News Dec 13 2017 CSO

3 Big Application Security Trends of 2017

The application security headlines of the year 2017 seemed like more of the same grim news, but some AppSec trends are reasons to be hopeful.

In the News Dec 13 2017 SearchSecurity

Breach awareness low among executives, CA Veracode survey says

According to a new survey from CA Veracode, breach awareness regarding recent major cyber incidents was low among executives, managers and directors, surprising some experts.

In the News Dec 12 2017 Software Testing News

CA Veracode urges businesses to secure software

Veracode today released research revealing the large gap between software creation and software security, outpacing the urgency to secure the process. The security company’s report ‘Securing the Digital Economy’ highlights how investment in software and digital transformation is moving fast, with around one in five business leaders indicating that their software budget which supports digital transformation projects has increased by more than 50% over the past three years.

In the News Dec 12 2017 Computer Business Review

1 in 4 UK business leaders lack basic cybersecurity understanding

A shocking revelation of cybersecurity ignorance among UK business leaders has shown that as many as a quarter do not understand common cyberattacks. Ransomware and phishing are among basic attack variants that UK business leaders are in the dark about, proving that even major, global data breaches are not enough to capture the attention of all. Spending has been increasing across the board as organisations pursue digital transformation, but this has not prompted UK business leaders to learn more about the risks involved.

In the News Dec 12 2017 Digitalisation World

Business leaders only address cybersecurity under duress

Veracode has released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process. The “Securing the Digital Economy” report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business.

In the News Dec 11 2017 TechBeacon

The sorry state of software security: Secure development is key

Developers are getting better at creating more secure software, but about the same proportion of programs are vulnerable as a decade ago, according to CA Veracode's most recent security report. Meanwhile, the risks have only increased. The impact of a security breach has dramatically increased because applications are the custodians of more critical data and functions than ever before.

In the News Dec 04 2017 dotnetpro

State of Software Security Report

The developer guide uses new data from the CA Veracode platform to support the fact that vulnerable open source components pose an omnipresent risk. Developers still have a high need for training and support in this area.

Particularly worrying: 91 percent of all Java applications that contain Struts components are based on a version of the framework with at least one critical or even particularly critical vulnerability.

Further findings of the Veracode study are:

Developers underestimate errors in code: Once again this year, 70 percent of applications fail when they run a Veracode security scan for the first time.

Open-source software components as a source of risk: Developers are increasingly turning to microservices to speed up their work. However, open source components in particular often contain risks and vulnerabilities, as the State of Software Security report shows. 88 percent of the Java applications reviewed last year had at least one point of attack based on one of their components.

Hand in hand with security to enormous security gains: In modern DevOps teams, developers usually carry out the security tests for their applications themselves in order to eliminate errors directly. If they actively seek the advice of their security colleagues regarding the vulnerabilities, they can improve their bugfix rate by as much as 87.6 percent.

In the News Dec 04 2017 SD Times

DevSecOps: Baking security into development

Software is the lifeblood of most businesses today. So, what happens if that software is unreliable or insecure? It seems like a no-brainer that the software being pushed out should be protected. But, as software is being developed and deployed at a rapid pace, an important aspect of the life cycle gets lost in the race: Security.

In the News Dec 01 2017 DZone

Reemergence of Open Source Increases Security Vulnerabilities

Thanks to Pete Chestna, Director of Developer Engagement and Jessica Lavery, Senior Manager, Security Strategy at CA Veracode for taking the time to speak to me at CA World 17. Pete and Jess were excited that CA Veracode Greenlight was now available as a free trial to help developers accelerate velocity and quality. Developers can produce vulnerability-free code with instant feedback on security defects in their IDEs. This enables them to speed the SDLC without compromising security while fulfilling the promise of DevSecOps.

In the News Nov 30 2017 DZone

Yes, Developers Care About Security

CA Veracode has just published its annual State of Software Security (SOSS) report which analyzes data from 400,000 application scans from April 1, 2016 to March 31, 2017. The applications were written in more than a dozen programming languages for large and small organizations across a wide range of industries. A key finding is that most developers don't try to game the system by rejecting findings as false positives, or as mitigated by design. Developers documented mitigations for just 14.4% of all the flaws found by the CA Veracode platform.

In the News Nov 29 2017 IT-Daily

No power to data thieves - Five tips against ransomware

Attacks by cybercriminals can be costly for businesses if they want to avoid losing their data. The most recent example is Uber, a global American driver services broker that has been the victim of a ransomware attack: data from 57 million customers and drivers has been hacked, including names, addresses and driver's license numbers. Uber paid $100,000 to the hackers and concealed the incident, but is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyberattacks. Julian Totzek-Hallhuber, Solution Architect at the application security specialist CA Veracode, gives five tips on how companies can easily and effectively protect themselves against ransomware attacks.

In the News Nov 29 2017 Inside-IT

Akamai report – Focusing on SQL injections, Android and Germany

Akamai has published the latest report on the "State of the Internet". Some key statements: The number of DDoS attacks increased again in the third quarter of 2017, with eight percent growth compared to the second quarter. However, the number of attacks decreased slightly compared to the third quarter of 2016. (…) And the guest author, Chris Wysopal of Veracode, explicitly criticizes the ICT industry: "Although Application Security Testing promises a lot and is growing fast, it shows that applications are generally not more secure today than they were ten years ago". And further, Wysopal complains: "Most open source components remain unpatched once they have been built into the software."

In the News Nov 28 2017 The Hill

9 in 10 firms also failed to patch software that sunk Equifax

More than 90 percent of applications using the same computer programming library that, left unpatched, led to the Equifax data breach also fail to keep the software up to date, reports the security firm CA Veracode.

In the News Nov 28 2017 TechBeacon

Will GitHub's dependency graph move the needle on app sec?

Software developers are depending more and more on third-party code, or dependencies, when forging their applications. Rather than reinvent the wheel for tasks such as logging and authentication, developers often deploy open-source code. That can create security problems for software writers, as the recent mammoth breach at credit services company Equifax illustrated.

In the News Nov 28 2017 Information Security Buzz

Government Announces Plans For Cybersecurity Skills Investment In Industrial Strategy

The government has just announced a new strategy for industry that aims to tackle weak productivity and bolster businesses to counter any new problems caused by Brexit. The strategy highlights the need for improving digital skills, especially in cybersecurity. Paul Farrington, Manager - EMEA Solution Architects at Veracode commented.

In the News Nov 28 2017 Dark Reading

Developers Can Do More to Up Their Security Game: Report

Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says. Data from a new study suggests that there are several measures developers can take to accelerate the adoption of formalized application security practices at their organizations.

In the News Nov 28 2017 SD Times

Report: Developers aren’t to blame for security issues

The idea that developers don’t care about application security is a myth. A recently released report found that not only do developers take application security seriously, they take the time to find and fix vulnerabilities in their applications.

In the News Nov 28 2017 Developer

How can developers improve software security? Move to DevSecOps and ‘think like an attacker’

Developers today frequently find themselves between a rock and a hard place. The business may not place security at the top of its priorities, but we all know how vital it is – and in today’s agile and DevOps working environments, developers cannot afford to finish applications and then leave the tidying up to the security team.

A new report from CA Veracode issued today argues that while developers do care about security, and are getting better at it, more work still needs to be done – including to ‘think like an attacker.’

In the News Nov 27 2017 LeMagIT

CA Technologies realizes its modern software factory

On the developer side, Veracode's solution comes in Veracode Greenlight, a plugin for the most common development environments (Eclipse, Visual Studio, etc.). It retrieves the code compiled on the fly on the developer's machine and sends it to the Veracode SaaS service, whose function is to check that security flaws have not been inadvertently inserted. When this is the case, the plugin immediately reports it to the developer, highlighting the flaw in the code being written and displaying, on the right side of the screen, a known means to correct it.

In the News Nov 22 2017 IDG Connect

Could WikiLeaks dumping CIA code create the next WannaCry or NotPetya?

In an age of nation-state level cyberwarfare, countries with the best hacking tools are the new military powers. The US has been aggressive in efforts to find new and powerful vulnerabilities to exploit, and slow in disclosing them to technology vendors. But it has also not been effective in keeping those secrets from falling into the hands of hackers such as the Shadow Brokers and whistle-blower sites such as WikiLeaks and the Intercept.

In the News Nov 20 2017 Help Net Security

Chris Eng: An infosec journey from offense to defense

“Come to my lab, I promise you’ll learn something cool,” a friend told Chris Eng. Within a couple of hours, he had walked him through writing an exploit for an obscure Linux bug, and Eng was hooked on the idea that one could leverage a programming error to gain root privileges on the system.

In the News Nov 20 2017 Security-Insider

Application security in times of Microservices

The development of microservices, instead of monolithic applications, can pay off in the long run. In terms of application security, however, there are some challenges, warns CA Veracode. Once a company has created the structures to consistently develop microservices, there are a number of advantages. For example, microservices can be used multiple times in different applications. Instead of, for example, developing four apps each with its own payment processing system, the component is programmed only once and used by several applications. This also results in easier maintenance: if part of the solution is outdated or malfunctions occur, only a small service needs to be updated or replaced. Compared to monolithic software this is a big advantage, because even the smallest changes can have unpredictable effects.

 

 
