Top 20 Security Blogs

Veracode’s nomination for “Best Corporate Security Blog” at the 2012 Social Security Bloggers Awards got the Veracode Marketing team thinking about the other great information security blogs we follow. The Marketing team thought it would be fun to compile a list of what we think are the best 20 information security blogs. We used a […]

Making Assumptions – a common but dangerous programming practice

As an application security analyst, one of my responsibilities includes studying commonly made (and easily preventable) programming mistakes that result in potential security risks. In my experience, some of the most common flaws come from the improper validation of data read from files. In most cases, a programmer has had SOME foresight and it is […]

Finding the Veracode Research Team at RSA

We’re all getting ready for the yearly RSA pilgrimage. I thought I’d put together a quick post on where you can find Veracode founders and members of the Veracode Research team out at RSA. We’re looking forward to some great conversations and networking. Conference Presentations Chris Wysopal, Monday 9:30-10:20am. PANEL: National and International Security Standards […]

Weekly News Roundup

Happy Friday! It may have been a short week, but there was no shortage of big news in the security world. However, before we delve into this week’s big news in the security world, I’d like to give a shout out to Veracode developer and blogger, Mark Kriegsman whose blog post on the utility he […]

How To Build An Appsec Training Program for Development Teams: A Conversation with Fred Pinkett


Recently, Veracode’s Jim Lynch and Fred Pinkett, VP of Product Management at Security Innovations, discussed key strategies that organizations need to adopt in order to implement a formalized Application Security Training program for development teams. The well-attended webinar generated a number of questions from attendees. The following are some highlights of the Q&A at the end of the discussion.

Weekly News Roundup

It’s finally Friday and the start to a long weekend! Here are this week’s hot security topics, as reported by our esteemed peers in the industry: Applications uploading data from your iPhone’s address book without permission: “iOS apps and the address book: who has your data and how they’re getting it,” a great article by […]

AdiOS: Say Goodbye to Nosy iPhone Apps

Veracoder Mark Kriegsman created a free utility, called AdiOS, that lets iOS users quickly scan the apps they’ve downloaded to see which have access to their complete address book. After downloading the utility, users can see which applications are accessing their address book. Read about the utility and download it to see which of your apps are transmitting your phone book data.

The New EU Data Regulations – What Companies Need to Consider

January 25th, 2012 saw the announcement of new data security regulations for the European Union (E.U.) – the idea being to ‘upgrade’ to the challenges of a new world. The previous Data Privacy Directive had been implemented in 1995 and didn’t reflect the changing data ownership and distribution model that exists today…Cloud storage concerns, jurisdictional […]

The Benefits of Closed Loop Development

“On January 31, Veracode released our first platform update of 2012, including new scans for iOS, improved eLearning progress tracking and reporting, additional API methods, and better communication of expected turnaround times for applications.” That was the headline of the release announcement that went out to our opted-in Veracode users about two weeks ago, and […]

Weekly News Roundup

As most of the folks who work at Veracode know, I’m brand new to the IT security space. I’ve been in start-ups most of my career and I’ve touched many industry verticals, but this is my first foray into security. I’m not sure if it was a complete coincidence, but from the moment my initial […]
