In the News

In the News Jun 12 2018

Making DevOps a Reality- Bringing in Security: Top 4 Topics

I caught up with Maria Loughlin, vice president of engineering at CA Veracode; Chris Eng, vice president of research at CA Veracode; and Alan Shimel, CEO of, to talk more about their recent panel webinar on bringing in security to make DevOps a reality. It was enlightening to hear their perspectives on how companies can build security into their culture so that it permeates the development process. Many enterprises have realized that with the continuing popularity of DevOps comes the possibility of creating an environment that allows software vulnerabilities. In truth, more teams are integrating security testing into their development processes.

In the News Jun 11 2018 CIO Review

Scaling Your Application Security Program

We now live in a world where software applications are omnipresent. The world’s largest enterprises are increasingly finding themselves in the software business. It doesn’t matter what their end products are, they are building Web applications, mobile apps and other software for their products and this software is becoming a key interaction point between brands and their customers and partners. According to a recent McKinsey study, it is now widely accepted that innovation isn’t optional, and that utilizing new software technologies is a prerequisite to success in virtually all industries.

In the News Jun 08 2018 ITBusinessEdge

Securing DevOps Without Undermining It

Everybody wants to do DevOps right, and part of that equation is making sure applications and services remain secure even as development and integration transition to a continuous workflow model.

In the News Jun 08 2018 Digitalisation World

Disruptive display

The latest addition to the CA Security portfolio, CA Veracode SourceClear is a SaaS-based software composition analysis tool which relies on a unique vulnerability database that goes beyond the National Vulnerability Database (NVD) and vulnerable methods technology to increase the actionability of static composition analysis (SCA) results. Unique to CA, the combination of CA Veracode and CA Veracode SourceClear offerings enables organisations to use open source libraries to accelerate software development without adding unmanaged risk to support the DevSecOps movement.

In the News Jun 01 2018 Bleeping Computer

OMB Releases Damning Report on U.S. Govt's Inability to Counter Cyber Threats

The United States' Office of Management and Budget (OMB) oversees the implementation of the president’s objectives in the areas of policy, budget, management and regulation. To that end, the recent government-wide cybersecurity risk assessment, carried out by the OMB, in coordination with the Department of Homeland Security (DHS), highlights several serious issues that continue to imperil federal cybersecurity and ultimately put the nation at risk.

In the News May 31 2018 TEISS

RSA SPECIAL: Hacking and elections

What has been done since 2016 to secure our voting systems for the next major election? What needs to be done? What is our reality check when it comes to the risks global vulnerabilities pose? TEISS caught up with Chris Wysopal, CTO at Veracode at RSA 2018 for his thoughts on elections, hacking and whether we can still trust the system…

In the News May 31 2018 TEISS

RSA SPECIAL: Can governments stay cyber safe?

TEISS caught up with Chris Wysopal, CTO at CA Veracode at RSA 2018 for his thoughts on elections, hacking and whether we should still trust the system…

In the News May 30 2018 Threatpost

Bug In Git Opens Developers Systems Up To Attack

“These are tricky vulnerabilities that will require the Git hosting services to patch, but also individual developers who are using the tool,” said Tim Jarrett, senior director of security, CA Veracode.

In the News May 30 2018 Wired

The Bleak State of Federal Government Cybersecurity

"One thing they seem to have kind of punted on is the whole legacy tech modernization issue," Veracode's Wysopal notes. "And to me that’s probably the biggest and most important issue. Agencies are using five different versions of Windows going back 10 years, running multiple versions of things like Java and Flash, and their email is a huge mess. You’re never going to be able to hire enough personnel to manage all that risk without simplifying and standardizing."

In the News May 25 2018 Dev Insider (DEU)

Lack of vulnerability analysis in companies - Little attention to external code components

In a recent CA Veracode study, 93 percent of respondents said they used external code components. More and more commercial and open source components are used in software development. When a vulnerability becomes known, however, only about half of the developers update these code components, according to a CA Veracode study.

In the News May 24 2018 The Parallax

20 years on, L0pht hackers return to D.C. with dire warnings

It was not the usual Congressional scene in room 2237 of the Rayburn House Office Building on Tuesday afternoon. More people in the audience than usual had hair dyed pink or green, and opted for T-shirts instead of button-down attire. And the name tags on the table in front of the room sported an unusual set of monikers: Kingpin, Mudge, Weld Pond, and Space Rogue. The occasion was a reunion of four members of the hacking collective L0pht Heavy Industries, organized by the Congressional Internet Caucus Academy and the Senate Cybersecurity Caucus, almost 20 years after L0pht members warned of rampant insecurity online in the Senate’s first cybersecurity hearing.

In the News May 23 2018 Politico

Federal agencies’ performance on IT, cybersecurity a mixed bag

Chris “Weld Pond” Wysopal said the major shift is that ethical hackers once were viewed as a nuisance or worse, but are now embraced for bug bounty programs or take roles at companies. “In 10 years they went from ‘Please go away’ to ‘Thank you very much, here's some money,’” said Wysopal, now chief technology officer at cybersecurity company CA Veracode. Wysopal also said he remembers senators asking at that first hearing if a nation-state might ever employ a group of hackers like themselves. “It all seemed so theoretical,” he said. “We all know 20 years later this is happening constantly.”

In the News May 23 2018 Washington Post

The Cybersecurity 202: These hackers warned Congress the internet was not secure. 20 years later, their message is the same.

Twenty years ago this week, a collective of young hackers came to Washington with a warning for Congress: Software and computer networks everywhere were woefully insecure. During that now-infamous hearing in May 1998, one told senators that “any of the seven individuals seated before you” could take down the Internet in just half an hour.

In the News May 22 2018 Verdict Encrypt

What Should Companies’ Top Cybersecurity Concern in 2018 Be? 49 Experts Have Their Say

"As businesses continue on their digital transformation journey, their dependency on software increases, which in turn creates a greater surface for hackers to attack. Recent research has revealed that 77% of all software applications have at least one vulnerability when first scanned. The top cybersecurity concern for businesses will therefore be the risk posed by vulnerabilities in software, which cybercriminals will look to exploit in order to exfiltrate data, inject ransomware or mine cryptocurrency. To mitigate these attacks, organisations will need to ensure that their software is secure, and an effective way of doing this is to test for vulnerabilities in web and software applications early and often. In this way vulnerabilities can be discovered and fixed before they can be exploited by hackers." - Paul Farrington, director, EMEA Solutions Architects, CA Veracode. 

In the News May 22 2018 Axios

L0pht returns to D.C., two decades after first testimony

Hackers from the Boston collective The L0pht testified on Capitol Hill 20 years ago this weekend, in what became a landmark moment for the legitimization of white hat hackers and an altogether surreal event in the annals of the U.S. Senate. Today, four of them return to discuss how things have changed. What they're saying: L0pht alumni Chris "Weld Pond" Wysopal and Cris "Space Rogue" Thomas emailed Codebook to explain what actually did change.

In the News May 17 2018 Dark Reading

Get Ready for 'WannaCry 2.0'

Another widespread worm attack is "inevitable," but spreading a different, more lucrative or destructive payload, experts say.

In the News May 12 2018 Fortune

Cyber Saturday—As Blockchain Week Kicks Off, Remember The DAO

In honor of “blockchain week,” which is kicking off in New York City, I’ve been thinking about the security of smart contracts, self-executing computer programs designed to encode business relationships. A smart contract might codify, for example, an agreement like this: If Justify, a racehorse, wins the Kentucky Derby, pay $10 in Bitcoin to some lucky fellow’s digital wallet. The code eliminates the need for a bookie.

In the News May 11 2018 ComputerWeekly

WannaCry’s EternalBlue exploit still a threat

A year after the global WannaCry attacks, the EternalBlue exploit that was a key enabler for the malware is still a threat to many organisations, and many UK firms have not taken action, security researchers warn.

In the News May 09 2018 Yahoo! Finance

Your crypto exchange may be less secure than your email account

Cryptocurrency exchanges and apps aren’t just among the most valuable targets for hackers, they also remain among the most vulnerable. That’s the warning Chris Wysopal, chief technology officer at the security-tools firm Veracode, offered during a talk at the Collision conference here on May 1. It’s something that should be at the top of concerns for people looking to trade or invest in cryptocurrencies such as bitcoin, which are generated through increasingly complex mathematical “mining” and allow pseudonymous transactions online and across international borders — and have increased in value wildly, even after recent plunges.

In the News May 09 2018 CSO

The good, the bad & the ugly of using open source code components

Using these risky snippets of code has become standard for developers, but what do they actually think about them?

In the News May 02 2018 Orbita (Peru)

Software development: only 52% of open source components receive security updates

An investigation carried out by CA Veracode, a leading company in the security market and acquired by CA Technologies, clarifies the differences between the security and hygiene of open source components. According to the survey, almost half of programmers (48%) do not update developed solutions that use open source or commercial components, even when the market discloses a new security vulnerability. This and other data highlight the lack of awareness of security organizations, placing them at risk.

In the News Apr 30 2018 TechTarget (DEU)

Tips for secure development with open source components

Open source components are often part of other software in the company. This can cause security problems. The following best practices provide more security.

In the News Apr 30 2018 TechTarget

Windows NTFS flaw posted after disclosure gets nowhere

Proof-of-concept code showing how an NTFS flaw can shut down Windows systems was published by a security researcher nine months after he disclosed it to Microsoft.

In the News Apr 26 2018 SC Magazine

SC Video: CA Veracode's Chris Eng talks on the cyber risks of using open-source software

Using open-source software is now the norm for most development teams, but with this usage comes several associated security risks. Chris Eng, VP of research for CA Veracode, chatted with SC Media's Online Editor Doug Olenick on the security issues surrounding the use of open-source software and what can be done to ensure that the code being used has been vetted and is safe.

In the News Apr 23 2018 SearchSoftwareQuality

How a DevSecOps process gives security a voice

Security teams have worked quietly in the background of software quality projects for years. The DevSecOps process puts the long-lost co-worker, security, front and center.


