News

Our latest business and technology news

View: All | Press Releases | In the News | Events

In the News Oct 24 2018 Axios

Study: Software security vulnerabilities persist for months

Axios highlights data points from the new State of Software Security report, which shows the majority of vulnerabilities persist unpatched well after being discovered and that mission-critical apps take longer to fix than less critical apps.

In the News Oct 24 2018 TechRepublic

Organizations with strong DevSecOps find flaws 11x faster than those without

The State of Software Security report Volume 9 shows the number of vulnerable applications is incredibly high, but implementing DevSecOps has proven to be effective in mitigating flaws.

In the News Oct 24 2018 SC Magazine UK

Most applications 'suffer from information leakage bugs'

The recently published 2018 State of Software Security report by Veracode found that information leakage bugs were found in 66.8 percent of tested applications, while cryptographic issues plagued 63.7 percent of apps.

In the News Oct 24 2018 Infosecurity Magazine

Software Security Report Shows Improved DevSecOps

Veracode's State of Software Security Vol. 9 evidenced improvements in DevOps security, suggesting that DevSecOps is facilitating better security and efficiency, and also analyzed flaw persistence to measure the longevity of flaws after the initial discovery. 

In the News Oct 21 2018 Associated Press

Cybersecurity ‘Paul Revere’ touts adversarial model

CTO Chris Wysopal discusses the state of cybersecurity today with the Associated Press in a wide-ranging conversation covering election security, white hat hacking, and ethical software development.

In the News Oct 21 2018 Associated Press

Cybersecurity pioneer Wysopal on startup lessons

In a Q&A with the Associated Press, CTO Chris Wysopal discusses his entrepreneurial journey and his advice for cybersecurity startups. 

In the News Oct 08 2018 DBTA

The Future of DevOps: Predictions for 2019

Mark Curphey comments on how DevOps will play a pivotal role as the enabler of seamless security integration in the future.

In the News Oct 05 2018 CNET

Election security is a mess, and the cleanup won't arrive by the midterms

CTO Chris Wysopal shares his view on why we need major changes to help secure election systems, and why we should start right now.

In the News Sep 28 2018 SearchSecurity

Facebook breach affected nearly 50 million accounts

Facebook admitted its network was breached and the cyberattack affected nearly 50 million accounts, though the extent of the damage is still unclear. Chris Wysopal shares his take on the incident with SearchSecurity. 

In the News Sep 25 2018 SearchSecurity

Hardcoded credentials continue to bedevil Cisco

In the past year, Cisco has reported numerous vulnerabilities related to hardcoded credentials. Chris Wysopal explains in this SearchSecurity article why these types of flaws are so error-prone and difficult to manage. 

In the News Sep 19 2018 SC Magazine UK

Addressing the threats posed by persistent vulnerabilities

APT attacks are often directed at organizations that deal in high-value information such as financial organizations, manufacturing companies and governments. While not difficult to fix the vulnerabilities, the danger lies in the millions and millions of lines of code where a flaw could present an opening for a security breach. This piece explores five common types of ATP attacks.

In the News Sep 19 2018 The Wall Street Journal

Hack the Vote: How Safe Are Elections?

How can we protect our democratic process from foreign interference? On The Wall Street Journal’s Future of Everything podcast, Chris Wysopal shares his insight on the security of our election processes, why addressing voting machine flaws is only the beginning, and extant threats our elections face.

In the News Sep 12 2018 ITProPortal

Why do cybercriminals target vulnerabilities?

It is crucial that businesses – as well as their development teams – understand the potential cost of the dormant vulnerabilities in their IT environment.

In the News Sep 11 2018 Dark Reading

4 Practical Measures to Improve Election Security Now

It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.

In the News Sep 07 2018 CSO

What is a chaff bug? How adding bugs to apps may make them more secure

Researchers at NYU have developed a technique to add inert bugs in code to deter hackers. But is this the right approach to more secure code?

In the News Sep 07 2018 CSO

The Ethics of Creating Secure Software

Software has transcended from a technical process into the realm of social morality. Security of software is not a technical question, but a moral one, and companies need to treat it that way.

In the News Aug 29 2018 Forbes

What Government Organizations Can Learn From The Private Sector About Cybersecurity

When it comes to software security, government organizations continue to underperform compared to other industries. In fact, exploitable vulnerabilities like cross-site scripting and SQL injection are common in public organizations that run our most critical infrastructure. Security education and ongoing training are essential to keep up with the demand for secure coding skills.

In the News Aug 23 2018 Dark Reading

New Apache Struts Vulnerability Leaves Major Websites Exposed

Remember last year's Equifax hack? It involved an exploit of a vulnerability in Apache Struts. Yesterday, news came of a new vulnerability in the open source Web framework, one that some people are saying could be worse than the one that put nearly everyone's credit card information into the hands of criminals. VP of Research Chris Eng advises organizations using Apache Struts to upgrade quickly.

In the News Aug 08 2018 Infosecurity Magazine

#BHUSA18: People are the Key to a Security Company

The future of cybersecurity product development relies on having a good idea, and the networking skills to gain feedback, interest customers and attract great employees, Veracode CTO Chris Wysopal said in a presentation during Black Hat 2018.

 

In the News Aug 07 2018 CRN

Black Hat 2018: 6 Execs On What The Boardroom Overlooks Around Cybersecurity Strategy

CRN asks six security CEOs and technical leaders attending Black Hat 2018 what areas of cybersecurity need to receive more attention in the Boardroom. Read why Veracode Vice President of Research Chris Eng believes boards need to be more aware of the risks of breaches resulting from code originating in open-source libraries. 

In the News Aug 06 2018 CSO

Blockchain only as strong as its weakest link

In his latest column for CSO, Veracode CTO Chris Wysopal spells out why the blockchain isn't completely secure - the software components interacting with it are written in code, and most software code has bugs and vulnerabilities. Here's how to begin fixing the vulnerabilities. 

In the News Jul 16 2018 CSO

5 ways to hack blockchain in the enterprise

Blockchain may hold tremendous promise for enterprises, but it's also vulnerable to a variety of attacks. Veracode CTO Chris Wysopal and other experts detail the risks in CSO. 

In the News Jul 09 2018 Threatpost

How to Solve the Developer vs. Cybersecurity Team Battle

Veracode's Chris Eng tackles how companies can bring bridge the divide between software developers and cybersecurity teams to bring to market reliable and secure applications in a contributed article in Threatpost. 

In the News Jul 05 2018 Silicon.es

Nearly 5 out of 10 application developers do not update components when there is a vulnerability

A study commissioned by Veracode reveals that 83% of developers use commercial or open source components in their creations.

 

 

contact menu