Our latest business and technology news


Press Release Oct 18 2016

Veracode Report Finds Open Source Components Proliferating Digital Risk at an Alarming Rate

Veracode today released the findings in its annual State of Software Security Report (SoSS). The seventh edition of the report presents metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months.

Press Release Oct 05 2016

Veracode Helps Web and Mobile Programmers Go Faster More Securely, and Passes Two Trillion Mark in Code Scanning

New Offerings Deepen Coverage for Popular Web and Mobile Languages, While Helping Users of Older Mission-Critical Applications Improve Security

Press Release Sep 29 2016

Cybersecurity Professionals Admit to Releasing Software Code Before Security Testing for Bugs

Survey data reveals that although the majority of respondents feel as though their software and applications are secure, many lack the proactive, layered security programs necessary to combat today’s vulnerabilities

In the News Sep 07 2016 WGBH News

Is Voter Fraud Going High Tech?

The FBI has reportedly told election officials in Arizona and Illinois that Russian hackers are pursuing their voters list. Federal officials have sent a warning to all state election officials that there could be attempts to hack any election related networks. Veracode Co-Founder Chris Wysopal (@WeldPond) and Harvard Cyber Security Project Postdoctoral Fellow Ben Buchanan (@BuchananBen) joined Jim to discuss potential election hacking.

In the News Aug 25 2016 Battery Ventures

Veracode chosen in Glassdoor “50 Highest Rated Private Cloud Companies to Work For” List

Delivering key tech infrastructure and software through the cloud is one of the biggest technology trends today, driving billions in new revenue—and also much of the tech industry’s recent M&A activity.

Press Release Jun 06 2016

New Innovations from Veracode Help Security Teams and Software Developers Protect Applications and Shorten Time to Deployment

These announcements are evidence of Veracode’s aggressive strategy to transform application security, extending it across the entire software lifecycle to reduce risk, manage compliance and shorten deployment times for secure software applications, while making secure coding practices a more seamless and positive part of the development processes. 

In the News Mar 11 2016 Associated Press

Cruz campaign updates smartphone app to fix security flaws

The campaign of Republican presidential candidate Ted Cruz updated its mobile app after an independent review found security flaws that could have allowed hackers to access personal data from users. The computer-security firm Veracode performed audits of the "Cruz Crew" app and those released by other 2016 presidential contenders at the request of The Associated Press.

In the News Mar 07 2016 Dark Reading

Automakers in the hotseat for vehicle cybersecurity

Whenever you have a supply chain and the more complicated it is, and the more individual pieces it has, the more difficult it is to do security. There are so many different parties involved: infotainment, connectivity, and they’re going with someone else to do the OS, like Apple Car Play, for example. Ford and Toyota are going with their own OSes. Who’s building the apps? [Likely] a third party. For at least three years they are going to have to deal with in-bound vulns at a rate higher than today and have to respond to them.

In the News Mar 07 2016 IDG

Is a cyber-liability insurance policy in your company's future?

Who’s going to decide when you have negligent security or good security? There are certain common sense things you need to do. The thing is codifying those common sense things – like application security best practices. I think the cyber insurance industry will help do that because they don’t want to pay out, which in turn will create a baseline for security best practices.

In the News Mar 06 2016 eWeek

Security training for developers failing to keep up with threats

Services like Veracode can help because their remediation services include consultation with coding experts so that developers see where mistakes are being made. "You need to start before you get to that point," Wysopal said. "You need to understand your application's threat model up-front, how you could be attacked, what data they might go after. Then test before you get hacked versus the threat model."

In the News Mar 02 2016 Threatpost

DROWN flaw illustrates dangers of intentionally weak crypto

Chris Eng, VP of research at Veracode, points out DROWN is the most recent, but far from the only example of intentionally crippled encryption (or backdoors) that have come back to haunt security professionals. “In the security industry there are a number of examples. That’s happened over and over again. The most recent is the Juniper backdoor and Dual EC DRBG. These (backdoors) were meant to be secrets that maybe only the maintenance staff or only a few knew about. But once that secret gets out then the good guys know it and the bad guys know it. It then takes a lot of effort to go back and patch the long tail of deployed products.”

In the News Mar 01 2016 Threatpost

Car industry three years behind today’s cyberthreats

“When you think about the plans to allow customers to download apps for infotainment systems to control different environments the risk is only going to increase,” Wysopal said. “What’s going to happen when something goes wrong?” Eighty-seven percent of drivers polled said car manufacturers should be liable for the safety of the car, including third-party app reliability, manufacturer apps and protection from hackers. “We have answered a lot of these questions in the smartphone world with iOS and Android,” Wysopal said. “But when it comes to automobile safety it gets much trickier.”


Press Release Mar 01 2016

IDC and Veracode Study Reveals Major Concerns Over the Security of Connected Cars

Combining driver sentiment with in-depth interviews from organizations such as Fiat-Chrysler, Seat, Scania, Delphi and German industry body ADAC, new research sheds light on key questions, such as: What are the cybersecurity implications of the connected car? Who is responsible for ensuring the applications are secure? Where does product liability lie? What are the issues and approaches for personal data and privacy?

In the News Feb 18 2016 SC Magazine

Stack-based buffer overflow bug found in glibc

Like Heartbleed and Shellshock before it, the glibc vulnerability reinforces the reality that using components in the application development lifecycle introduces risk. ...our software is constructed like Legos, relying on components rather than coding. This is why it's important to have complete visibility into all of the components development teams are using, as well as the versions being used to ensure they can quickly patch and/or update the component version when a new vulnerability is disclosed.

In the News Feb 17 2016 Re/code

Can CNAP succeed without building on past lessons in safety?

For decades, cities were built and developed with functionality and convenience in mind. It wasn’t until the Great Chicago Fire destroyed an entire city and cost the lives of hundreds of people that cities began creating fire codes. They realized there were diminishing returns on building more fire stations. The buildings themselves needed to become more fireproof. Like a rapidly growing city, we’ve built our applications quickly and without regard for the fact they exist in a hostile environment. Every application that holds valuable data will be attacked, just like every car will drive on a slippery road and every person will be exposed to pathogens. We have to stop pretending we can keep the bad guys from attacking the code that protects our data.

In the News Feb 10 2016 Dark Reading

Simplifying Application Security: 4 Steps

Fortunately, the path to writing and deploying secure applications is not as hard as it’s made out to be. Any company can go from having an ad-hoc approach to having an advanced program, regardless of the number of applications that need securing.

In the News Feb 08 2016 SC Magazine

£4bn investment for NHS digital transformation

The rise in healthcare mobile applications could cause headaches for the government. That's why it's vital that all applications which access confidential data are fully tested and protected from vulnerabilities which could be an easy target for cyber-criminals wishing to damage the NHS or profit from the wealth of sensitive data it holds.

In the News Feb 08 2016 eSecurity Planet

5 Best Practices for Reducing Third-Party Security Risks

Any vendor should be able to show proof that they conduct code reviews on any applications that touch your applications. "If they say, 'No, we don't do that,' or 'We don't share results on our internal security,' they probably do, and they're just trying to make you go away," said Chris Wysopal, CTO for Veracode. "One of the things we've learned is that if you push hard enough, they say, 'Yeah, you're right. We have had a third-party audit, and we can show you the results.'"

In the News Feb 08 2016 CBR Online

Why moving to cloud and mobile might be a security advantage

Veracode’s Sam King comments that the strategic benefits of cloud and mobile adoption within organizations mean that security professionals no longer have to fight to be heard in their firms. "They don't have to convince anybody that there's something they have to be concerned about when you've got an application and you're retailing it through another person, like Apple iTunes or Google Play or what have you."

In the News Jan 22 2016 Healthcare Info Security

App Security in Healthcare: Avoiding Missteps

Healthcare organizations need to carefully scrutinize the security of electronic health record and other applications they use because encryption and other features often have shortcomings.

Press Release Jan 21 2016

HIMSS and Veracode Survey Reveals Application Vulnerabilities are Top Cybersecurity Concern for Healthcare Providers

The report reveals how application security is viewed and addressed by healthcare providers across the US. The number one concern of these executives was the exploitation of vulnerabilities in web, mobile and cloud-based applications. Survey respondents cited the potential for loss of life due to compromised networks or medical devices, brand damage due to theft of patient information and regulatory enforcement as their top fears related to such security breaches.

In the News Jan 21 2016 FierceHealthIT

Loss of life, liability top cybersecurity fears for health IT leaders

One thing insecure applications have accomplished is to increase healthcare’s fear of liability. 57% of those surveyed are increasing spending on external security assessments; 56% are adding liability clauses into contracts with commercial-software vendors in their supply chain; 54% are implementing frameworks like the SANS Institute Security Controls.

In the News Jan 21 2016 Health IT Security

Health Application Vulnerabilities Top IT Executive Concern

Veracode’s Chris Wysopal said that 80 percent of healthcare applications contain easily avoidable cryptographic issues such as weak algorithms, which is why keeping security a priority as software is being built is essential for the industry.

In the News Jan 21 2016 Network World

Healthcare IT execs fear loss of life due to hacked medical devices or networks

The fear of cyberthugs exploiting vulnerabilities in web, mobile, and cloud-based apps is more worrying to healthcare organizations than user error like employee negligence, malicious insiders, and phishing attacks.