Our latest business and technology news

View: All | Press Releases | In the News | Events

In the News May 09 2018 CSO

The good, the bad & the ugly of using open source code components

Using these risky snippets of code has become standard for developers, but what do they actually think about them?

In the News May 09 2018 Yahoo! Finance

Your crypto exchange may be less secure than your email account

Cryptocurrency exchanges and apps aren’t just among the most valuable targets for hackers, they also remain among the most vulnerable. That’s the warning Chris Wysopal, chief technology officer at the security-tools firm Veracode, offered during a talk at the Collision conference here on May 1. It’s something that should be at the top of concerns for people looking to trade or invest in cryptocurrencies such as bitcoin, which are generated through increasingly complex mathematical “mining” and allow pseudonymous transactions online and across international borders — and have increased in value wildly, even after recent plunges.

In the News May 02 2018 Orbita (Peru)

Software development: only 52% of open source components receive security updates

An investigation carried out by Veracode, a leading company in the security market and acquired by CA Technologies, clarifies the differences between the security and hygiene of open source components. According to the survey, almost half of programmers (48%) do not update developed solutions that use open source or commercial components, even when the market discloses a new security vulnerability. This and other data highlight the lack of awareness of security organizations, placing them at risk.

In the News Apr 30 2018 TechTarget (DEU)

Tips for secure development with open source components

Open source components are often part of other software in the company. This can cause security problems. The following best practices provide more security.

In the News Apr 30 2018 TechTarget

Windows NTFS flaw posted after disclosure gets nowhere

Proof-of-concept code showing how an NTFS flaw can shut down Windows systems was published by a security researcher nine months after he disclosed it to Microsoft.

In the News Apr 26 2018 SC Magazine

SC Video: Veracode's Chris Eng talks on the cyber risks of using open-source software

Using open-source software is now the norm for most development teams, but with this usage comes several associated security risks. Chris Eng, VP of research for Veracode, chatted with SC Media's Online Editor Doug Olenick on the security issues surrounding the use of open-source software and what can be done to ensure that the code being used has been vetted and is safe.

In the News Apr 23 2018 DevOps Institute

4 Signs that Demand for DevSecOps Skills Is Growing

DevSecOps isn’t yet as widely known or practiced as DevOps, but that could be changing. 2018 has been a wake-up call for enterprises that haven’t deeply integrated security practices throughout their IT organizations. In just a few short months, news has broken about major attacks and/or breaches at Sears and Delta Air, oil and gas pipelines, Panera Bread, Saks Fifth Avenue and Lord & Taylor, European financial institutions, MyFitnessPal, at least 1,000 Magento-based ecommerce sites, Orbitz, FedEx, Boeing, the city of Baltimore, and the city of Atlanta.

In the News Apr 23 2018 SearchSoftwareQuality

How a DevSecOps process gives security a voice

Security teams have worked quietly in the background of software quality projects for years. The DevSecOps process puts the long-lost co-worker, security, front and center.

In the News Apr 18 2018 BankInfo Security

Mitigating Open Source Security Vulnerabilities

Organizations are increasingly incorporating open source code elements into their development to accommodate agile development methodologies and swift go-to-market requirements, but not many are addressing the security concerns that follow this decision, says Veracode CTO Chris Wysopal.

In the News Apr 12 2018 Info Security

Developers Failing to Use Secure Open Source Components

Only half of developers using open source components in their software update them to use the most secure version, according to Veracode.

In the News Apr 12 2018 Infosec Island

The Three Great Threats to Modern Civilization

Throughout the history of mankind, civilizations have risen and fallen due to a variety of factors. For the most part, the collapse of a civilization wasn’t sudden, but a gradual decline brought on by multiple causes like changing culture, climate or even the introduction of a new culture (such as when Europeans came to the “new world”).

Press Release Apr 10 2018

Despite Major Vulnerability Disclosures Like WannaCry, New Research Finds that Open Source Components Fail to Receive Suitable Security Attention

Study found less than 25 percent of developers test components for vulnerabilities at every release

In the News Apr 10 2018 IT Pro Portal

Developers aren't patching open-source vulnerabilities

Organisations often unaware of the inherent security risk of using third-party components in their applications.

In the News Apr 09 2018 Fortune

Exclusive: CA Technologies Is Buying a Startup to Bolster App Security

“There is a lot of inherent risk in leveraging open source libraries to assemble software,” said Sam King, general manager for CA Technologies’ Veracode unit, SourceClear’s new home which specializes in application security, in a statement emailed to Fortune. One recent consequence of that risk: last year’s Equifax data breach, which was caused by the big three credit bureau using a vulnerable version of Apache Struts, a popular open source software project.

In the News Apr 09 2018 DevOps Online

DevOps and the need for security to shift left

Shift left testing is an increasingly popular approach to testing applications and software, where the testing is generally performed earlier in the development project timeline (hence ‘shifted left’) and is a fundamental aspect of the DevOps approach.

In the News Apr 02 2018 CSO

Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

In the News Mar 26 2018 Security Boulevard

6 Tricky Obstacles Security Teams Face in GDPR Compliance

The European Union’s General Data Protection Regulation (GDPR) takes effect May 25 and the penalties are stiff for failing to comply. Many are still unsure whether their companies are safely out of harm’s way. The regulation is long and full of terrors, to be sure. However, resistance is futile.

In the News Mar 26 2018 Security Insider (Germany)

Causes of a lack of application security

Web applications for the interaction of companies with their customers or prospects today play a central role in many industries. Often, personal data is used to initiate and process the contract. Often there is a lack of application security. Compulsory tests in the development process of such apps are omitted, although just in Java libraries or other code snippets again and again new gaps of cyber criminals are discovered. After all, 88 percent of Java applications contain at least one component that makes them vulnerable to cyber attacks. This was the result of the State of Software Security Report 2017 ( SoSS Report) by VeracodeProvides unique insights into application security status from more than 1,400 customers based on data and software scans.

In the News Mar 21 2018 SD Times

Veracode announces evolution of Veracode Verified

Veracode has announced the expansion of Veracode Verified, which provides third-party validation to a company’s software development process. According to the company, 30 percent of security breaches are a result of problems in the application layer, so software purchasers are now wanting more insight into what software they are buying.

In the News Mar 21 2018 Search Security

Human error still poses a significant cloud security risk

Even with the most sophisticated cloud security tools in play, human error -- both from end users and IT teams -- can open up your enterprise to numerous kinds of attacks.

In the News Mar 21 2018 Search Security

Firefox bug exposes passwords to brute force -- for nine years

A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.

Press Release Mar 20 2018

CA Technologies (Veracode) Recognized as a Leader in Fifth Consecutive Gartner Magic Quadrant for Application Security Testing

Company evaluated based on ability to execute and completeness of vision

In the News Mar 20 2018 IDG Connect

Testing the waters: The value of ethical hacking for business

Paul Farrington, Manager: EMEA Solution Architects at Veracode, says that, with the 2017 State of Software Security report demonstrating that 77 percent of applications have at least one vulnerability on initial scan, it is not surprising that large organizations, such as Google and Apple, are setting up their own bug bounty programs, which employ or incentivize ethical hackers to find vulnerabilities in their software applications.

In the News Mar 19 2018 SDxCentral

Veracode Validates Application Security, DevOps Processes

Application security company Veracode was acquired last year by CA Technologies and became a business unit within CA. Now, the company has released Veracode Verified, a new program that provides third-party validation of a company’s security software and DevOps process.

Press Release Mar 19 2018

Enhancements to Veracode Verified Program Validates Secure Coding for DevOps and Agile Processes

Program provides software buyers with a standard for understanding any vendor’s security posture



contact menu