Which of the 10 Big Breaches in 2011 Were Application Security Related?

Dark Reading published an list of 10 big breaches in 2011. Dark Reading said, “No one was immune: not social networks, not financial institutions, and not even security firms.” I thought I would take a look at how many of these breaches were due to an application vulnerability. These are the breaches that most likely […]

Putting Trust in Software Code

Seven years ago when we were first embarking on the mission of making static analysis useable, scalable, and able to operate without access to source code, automated static binary analysis was a new concept. There were human operated disassemblers, but the ability to do large scale, highly repeatable static binary analysis was an unknown. At […]

Stay Cool, Nobody is Calling Your Baby Ugly

Let me start by saying I have a great deal of respect for Dinis Cruz. He’s tremendously passionate about application security and has made numerous contributions to the community through his involvement with OWASP. We even sat on a panel together recently. But I was taken aback by a presentation he gave at OWASP AppSec […]

Common Hazards That Cause Home Fires

Today I have a guest commentary on the changes in security landscape since 2001 in Threatpost. So as I look back over the last 10 years I don’t see much of a change in the vulnerability-scape, if you will, but in the threat landscape. New classes of attackers have gone mainstream and global. They are […]

Musings on Custer’s Last Stand

Let’s not mince words: this rambling diatribe from Oracle’s CSO is aimed directly at Veracode. No need for a cutesy acronym; we’re the only company with true static binary analysis technology, delivered as a service. Now that we’ve got that out of the way, let’s try to cut through the rhetoric (in just over a […]

When In Rome (Or When At Caesars…)

It’s that time of year again… A time when all the most interesting people, ideas, concepts, and attacks are on display in Las Vegas. That’s right, we are talking about Blackhat USA and associated conferences. Every year about a week before conference time, all the security analysts, researchers, and talking heads begin to espouse their […]

Call For Papers on Software Static Analysis

Call for Papers IEEE Security & Privacy Software Static Analysis Abstract submissions due: 15 Aug. 2011 Final submissions due: 15 Sept. 2011 Publication date: May/June 2012 Secure and reliable software is hard to build, but the costs of failure are steep. Data breaches caused by attackers exploiting vulnerabilities in software made many headlines in 2011 […]

THE Security Problem is Scale

Rich Mogull talks about real world IT security challenges today in his column, “Simple Isn’t Simple” in Dark Reading. I agree 100%. One of the Rich’s points is security has to scale or it doesn’t solve the real world problem. In most cases we know how to solve a security problem for a single instance […]

“We Don’t Sell It? Then It’s Not Important”

[UPDATE: Since there seems to be some confusion, the "We" in the title of this post is NOT "Veracode". The expression is a generic one intended to illustrate the attitude exhibited by many companies who like to downplay the value and/or effectiveness of technologies that they themselves do not sell. I can't believe I am […]

Mobile Security – Users Just Don’t Care

It’s not that users “don’t want to keep their data safe”. They do. Most corporate users don’t want their personal or corporate, private information, available to someone else. They don’t want their email stolen or their contacts pillaged. So why do people insist on ignoring the multitude of security recommendations on how to have a […]

1 5 6 7 8 9 24