There are a lot of ways that companies are missing the mark on AppSec, but there are a lot of ways they aren’t, and we can learn a lot from those that are doing it right.
Application security vendor Veracode has released the "2017 State of Software Security Report," and the results paint an unflattering picture of Java developers. An alarming 88 percent of Java applications contain at least one vulnerable component, the report's authors found. Why? Developers don't patch components in production once vulnerabilities are found and new versions of those components are released.
DevSecOps combines application security and DevOps. With this approach, IT security is included in the software development and software lifecycle right from the start. More from CA Veracode's Julian Totzek-Hallhuber.
Software and application security vendor Veracode has gone through a re-brand and a change of leadership, and Infosecurity recently met with SVP and general manager Sam King to learn all about it...
Digital transformation is one of the hottest buzzwords in the technology industry today. While it tends to be overused, the term does represent a widespread, ongoing movement that will set a standard for the next generation of enterprises. More from CA Veracode's Pete Chestna (@PeteChestna).
In the year 79 AD, the citizens of Pompeii and Herculaneum thought that the smaller earthquakes they noticed were due to angry gods. They lacked the knowledge to interpret them as a warning of the imminent, devastating eruption of Mount Vesuvius. We should not make a similar mistake about cyber security.
On 25 May 2018, the transitional period for the European Data Protection Regulation (EU GDPR) ends. This will make data protection rules much more stringent for businesses and governments. Many previous data protection measures must be questioned, updated or expanded.
Pete Chestna (@PeteChestna), the director of developer engagement at CA Veracode, puts it all together by boiling down secure DevOps transformation to five key steps. Successful teams engage in automated software testing, integrate security early to fail quickly, avoid generating false alarms, appoint security champions within teams, and maintain operational visibility at all times.
The results of Veracode's State of Software Security report are alarming: 88 percent of Java applications contain at least one component that makes them vulnerable to cyber-attacks. The reason for this is the lack of visibility and management of open source components in enterprise applications.
CA Veracode's Chris Wysopal explains how defenders can help developers create secure software through coaching, shared code, and services.
When building and deploying applications, developers continue to make the same security errors year after year, according to a new study from CA Veracode. The 44-page CA Veracode State of Software Security Report, released on Oct. 18, provides insight from 400,000 software assessments conducted using the CA Veracode platform between April 1, 2016 and March 31, 2017. Among the high-level findings in the report is that the same classes of vulnerabilities continue to be found in similar percentages in the last several years. Of note, CA Veracode found that 88 percent of Java applications that were scanned had at least one vulnerable component. In this slideshow, eWeek looks at some of the highlights from CA Veracode's latest State of Software Security Report.
According to a study by Veracode, the lack of visibility and management of open source components in enterprise applications is the reason why Java applications are vulnerable to cyber attacks. Veracode reports on the status of user security in its latest study "State-of-the-art Software Security Report." According to the results, 88 percent of Java applications contain at least one component that acts as a gateway for cybercriminals. The reason for this is a lack of visibility and management of open source components in enterprise applications. According to Veracode, less than 28 percent of companies regularly analyze the open source and third party components used in their applications.
Solution architect at Veracode Chris Campbell (@chris_campbell) says that open source software is clearly enabling business to lean in on community expertise and deliver value from applications faster than ever before. “But as recent high-profile breaches have shown us, there are tangible consequences to customers and employees if the vulnerability risk associated with OSS components isn’t managed effectively,” said Campbell. Veracode’s 2017 State of Software Security report suggests that 88% of Java applications have at least one vulnerability from OSS components. “The tools already exist to record and deal with OSS risk, many businesses now need to build these in to their application security programs as a top priority,” notes Campbell.
Application security continues to stink at many organizations, a new report from Veracode shows. But developers are not the only ones to blame. A failure by organizations to provide adequate security training and by operational teams to address vulnerabilities in the production environment has a big impact on application safety as well, the company said.
In this 67th episode of The Security Ledger Podcast, Tim Jarrett of Veracode talks about how a single security hole in an open source library found its way into millions of applications.
Veracode's 2017 State of Software Security Report, an annual review of application security testing data, revealed that 88 percent of Java applications contain at least one vulnerable component.
A recently released study conducted by CA Veracode has found that the majority of Java applications contain at least one vulnerable component, making them predisposed to widespread attacks.
Study Finds That Less Than 28 Percent of Organizations are Actively Monitoring the Components That Could Lead to Security Breaches
A new report from CA Veracode has exposed the pervasive risks companies face from vulnerable open source components. In its 2017 State of Software Security Report the firm reviewed application security testing data from scans of its base of 1400 customers, discovering that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.
CA Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers.
Veracode publishes the State of Software Security Report, and the results are alarming: 88 percent of Java applications contain at least one component that makes them vulnerable to cyber attacks.
Nearly nine in ten web applications written in a popular coding language use out of date open-source components that are now known to have security vulnerabilities, according to the software analysis firm Veracode.
DevOps poses special challenges for IT security. But continuous feedback can make applications safer. In this article, CA Veracode's Nabil Bousselham looks at which technologies can help.
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
The architecture of software is changing fundamentally - Microservices are on the rise. Veracode, now part of CA Technologies, identifies three key challenges that drive application security. Microservices have been on the rise in software development for several years. Developing many small services rather than single monolithic applications offers many advantages.