In the News

In the News Oct 20 2017 Dark Reading

Veracode: 75% Of Apps Have at Least One Vulnerability on Initial Scan

Application security continues to stink at many organizations, a new report from Veracode shows. But developers are not the only ones to blame. A failure by organizations to provide adequate security training and by operational teams to address vulnerabilities in the production environment has a big impact on application safety as well, the company said.

In the News Oct 20 2017 ComputerWeekly

7 years of open source: Twilio, Synopsys & Veracode

Solution architect at Veracode Chris Campbell (@chris_campbell) says that open source software is clearly enabling business to lean in on community expertise and deliver value from applications faster than ever before. “But as recent high-profile breaches have shown us, there are tangible consequences to customers and employees if the vulnerability risk associated with OSS components isn’t managed effectively,” said Campbell. Veracode’s 2017 State of Software Security report suggests that 88% of Java applications have at least one vulnerability from OSS components. “The tools already exist to record and deal with OSS risk, many businesses now need to build these in to their application security programs as a top priority,” notes Campbell.

In the News Oct 20 2017 IT-Business

Java applications targeted by cyber attacks

According to a study by Veracode, the lack of visibility and management of open source components in enterprise applications are the reasons why Java applications are vulnerable to cyber attacks. Veracode reports on the status of user security in its latest study "State-of-the-art Software Security Report." According to the results, 88 percent of Java applications contain at least one component that acts as the gateway to cybercriminals. The reasons for this are a lack of visibility and the management of open source components in enterprise applications. According to Veracode, less than 28 percent of companies regularly analyze the open source and third party components used in their applications. 


In the News Oct 19 2017 Developer Tech

Report discusses how Java apps are susceptible to widespread attacks from known security defects

A recently released study conducted by CA Veracode has found that the majority of Java applications contain at least one vulnerable component, making them predisposed to widespread attacks.

In the News Oct 19 2017 Website Magazine

88 Percent of Java Apps Susceptible to Attack

Veracode's 2017 State of Software Security Report, an annual review of application security testing data, revealed that 88 percent of Java applications contain at least one vulnerable component.

In the News Oct 19 2017 The Security Ledger

Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

In this 67th episode of The Security Ledger Podcast, Tim Jarrett of Veracode talks about how a single security hole in an open source library found its way into millions of applications.

In the News Oct 18 2017 Help Net Security

The pervasive risk of vulnerable open source components

CA Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers.

In the News Oct 18 2017 The Hill

Report: 88 percent of apps in popular coding language use unsecure parts

Nearly nine in ten web applications written in a popular coding language use out of date open-source components that are now known to have security vulnerabilities, according to the software analysis firm Veracode.

In the News Oct 18 2017 IT-Daily

Java applications are vulnerable to attacks

Veracode publishes the State of Software Security Report, and the results are alarming: 88 percent of Java applications contain at least one component that makes them vulnerable to cyber attacks.

In the News Oct 18 2017 Infosecurity Magazine

Report: 88% of Java Apps Vulnerable to Attacks from Known Security Defects

A new report from CA Veracode has exposed the pervasive risks companies face from vulnerable open source components. In its 2017 State of Software Security Report the firm reviewed application security testing data from scans of its base of 1400 customers, discovering that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.

In the News Oct 17 2017 Dev Insider

Making DevOps safer with RASP

DevOps poses special challenges for IT security. But continuous feedback can make applications safer. In this article, CA Veracode's Nabil Bousselham looks at which technologies can help.

In the News Oct 17 2017 Dark Reading

Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say

Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.

In the News Oct 13 2017 Netzpalaver

Impacts of Microservices on application security

The architecture of software is changing fundamentally - Microservices are on the rise. Veracode, now part of CA Technologies, identifies three key challenges that drive application security. Microservices have been on the rise in software development for several years. Developing many small services rather than single monolithic applications offers many advantages.

In the News Oct 12 2017 Information Age

App economy: desperately seeking security talent

Digital transformation has revolutionised the role of applications and software within the business. Previously viewed as the IT Team’s domain, companies are increasingly investing in how they can drive greater productivity and create new revenue streams. As the importance of software and applications – and the speed with which it is developed – increases, we’ve witnessed the transformation to DevOps. DevOps is changing the way companies build, test and deploy applications and is rising in popularity among many businesses, including major brands like Starbucks, LinkedIn, Apple and even NASA that want to drastically speed up the product-to-market lifecycle.

In the News Oct 10 2017 Security-Insider

What you need to know about GDPR

The transitional period for the European Data Protection Regulation (EU-DSGVO) will end on 25 May 2018. This makes the data protection rules for companies and authorities much more stringent. Many previous data protection measures must be questioned, updated or expanded. Time is running out, and many companies are running behind. The modern economy is nothing without data: no orders, no production, no sales, no customer service, no advertising from new customers and no employee administration. Collection and processing of personal data is therefore a "must". Because this data is so important, it is also coveted. In the past two years, every second company in Germany has become a victim of data loss, data theft, economic crime or sabotage (53%, source: Bitkom). The resulting loss is estimated at € 55 billion annually. Data misuse happens on a daily basis and can happen to anyone. However, it is not only caused by cyber-attacks or economic espionage, but often by negligent handling of data, for example when data management is absent or unprofessional.

In the News Oct 06 2017 DevOps Online

Veracode empowers developers to secure modern web and cloud applications

Veracode announced support for security testing in applications built with the Scala language, as well as the Python Boto3 framework, within the Veracode Static Analysis solution.

In the News Oct 05 2017 Dev-Insider

Code review for Python Boto3 and Scala

With Veracode Static Analysis, applications that have been created using the Scala programming language and the Boto3 software development kit for Python can now be analyzed. AWS applications and microservices especially benefit from the support. Boto3 is used to develop cloud applications that directly access Amazon Web Services. Scala has also become more and more popular, not least thanks to its interoperability with the Java programming language. Thanks to Java archive integration, existing Java libraries and frameworks can easily be integrated into Scala projects. According to Scott Crawford, Research Director at 451 Research, Scala is "well suited to the increasingly emerging microservices application architectures, thanks to its scalability." The Veracode Static Analysis enhancements enable developers to test these applications for security at an early stage. The solution leverages the experience Veracode has gained from analyzing more than two trillion lines of code and from continuous improvements.

In the News Oct 05 2017 CSO

Is 'secure open source component use' an oxymoron?

Asking developers to stop using components would be like asking writers to stop using word processing and go back to typewriters. Components are a technological advance that enables productivity and innovation, and have simply become a standard tool of the trade. But with these benefits comes some risk. They can, and often do, contain vulnerabilities. And the nature of their use – the functionality in one component is used again in multiple other components – means they spread risk like wildfire. More from Veracode's Chris Wysopal (@WeldPond).

In the News Oct 04 2017 Heise Developer

Veracode enhances static analysis

The SaaS offering Veracode Static Analysis now provides vulnerability testing for applications created in the JVM language Scala or with the Boto 3 framework. Veracode, which has been part of CA Technologies since March 2017, has expanded its SaaS platform (software as a service) for the static analysis of software. Developers can now use Veracode Static Analysis to test applications that they have written in Scala or with the Python framework Boto 3 for vulnerabilities. Boto 3 is the Amazon Web Services (AWS) SDK for Python, which provides access to AWS services such as S3 and EC2 via an object-oriented API. According to the announcement, Veracode is currently the only security vendor to offer static analysis for the framework. The Scala programming language is becoming increasingly popular thanks to its scalability. Apache Spark is based on the JVM language, which combines functional and object-oriented approaches.

In the News Oct 04 2017 SD Times

Veracode adds support for Python Boto3 and Scala

Veracode has announced an expansion to its security testing capabilities. This will enable developers to do security testing early in the development process to ensure that their applications are secure. Veracode Static Analysis now supports applications built in Scala and the Python Boto3 framework.

In the News Oct 04 2017 heise Developer

Veracode extends its platform for static analysis

Veracode, which has been part of CA Technologies since March 2017, has expanded its SaaS platform (software as a service) for the static analysis of software. Developers can now use Veracode Static Analysis to test applications that they have written in Scala or with the Python framework Boto3 for vulnerabilities.

In the News Sep 28 2017 CSO

SecDevOps is hindering developers who are keen on Agile but inadequate at security

Developer-focused education crucial as pen-testers find the same application security problems, over and over again

In the News Sep 25 2017 IDG Connect

DevOps: Where’s all the security talent?

Digital transformation has completely changed how businesses consume applications and software. Businesses are increasingly looking to technology to drive greater efficiencies and create new revenue streams, with Gartner predicting that the enterprise software spend will increase to $351 billion this year. More from CA Veracode's Colin Domoney (@colindomoney).

In the News Sep 20 2017 eWeek

CCleaner Attack Shows Need to Bolster Software Development Security

The latest targets of attackers are developers and insecure development processes, highlighting the need to instill security checkpoints in the development process.

In the News Sep 19 2017 Information Security Buzz

Malicious WordPress Plugin Used To Hijack More Than 200,000 Websites

It was reported that a malicious WordPress plugin has been discovered which has been used to hijack more than 200,000 websites. The plugin called Display Widgets has been found to contain a backdoor that could allow hackers to access what is posted on the site and modify content on infected pages. Colin Domoney (@colindomoney), Consultant Solution Architect at Veracode commented.
