Veracode is once again positioned in the “Leaders” quadrant of Gartner, Inc.’s 2013 “Application Security Testing Magic Quadrant”. The quadrant is based on an assessment of a company’s ability to execute and completeness of vision.
Every year big four firm Ernst and Young recognizes a number of influential business people as “Entrepreneur of the Year” award winners. E&Y’s Entrepreneur Of The Year is highly regarded and past winners come from some of the world’s most prestigious companies. According to E&Y’s website, “Each spring, the business community comes together to celebrate […]
Veracode CTO and Co-Founder Chris Wysopal recently delivered a keynote presentation at RVAsec 2013 in Richmond, VA. Now in its second year, RVAsec is the first Richmond, VA based security convention that showcases local talent as well as bringing the best speakers to the mid-Atlantic region. Chris has already followed up this speech with a post here on the Veracode blog: ‘Do We Want Military Secrets or Civilian Information Sharing?’
Recent events suggest that the biggest threat to users of the emerging Internet of Things won’t be buffer overflows or SQL injection, but the pesky “ethical bypass” – legal, but ethically murky efforts by private firms and governments to exploit individuals’ data.
Today marks a special day: the first post in our new series “Application Security Education Spotlight”. In this series we will highlight the exciting world of application security education and hear the perspectives of university faculty across the nation. For our first interview we caught up with Oklahoma State University professor Jim Burkman. At the OSU Spears School of Business, Jim’s main area of research is Information Assurance and Security. Dr. Burkman has his PhD from Indiana University, years of experience in the field, and recently advised the OSU Information Security and Assurance Club at the National Collegiate Cyber Defense Competition.
Last month I gave a keynote at RVAsec in Richmond, VA on the topic of “The Future of Government Info Sharing”. The slides for my talk are available online.
The inspiration for my talk was a confluence of the DHS announcing its Enhanced Cybersecurity Services and the lack of information available about the root causes of major data breaches. To me these signaled that information sharing is headed in the wrong direction.
Are you a Veracode customer? If so, this post is for you! Our services team is excited to announce a brand new monthly contest we’ll be running, aimed at rewarding you for working hard and taking steps to improve your application security posture. Beginning this month, we will be evaluating your usage of our platform and the improvements you make to your AppSec programs, and if you do a great job you might be in line for a prize.
When I studied computer science in college, the curriculum wasn’t designed to teach all the different programming languages with the goal of becoming as “multi-lingual” as possible. Instead we focused on conceptual areas — data structures, machine structures, algorithms, etc. The languages with which you chose to illustrate those concepts were secondary to the concepts themselves. I believe most leading research universities emphasize concepts over mechanics in a similar fashion.
2010 was a big year for vendor bug bounty programs. Google announced its program in January with a bounty of $1,337 for high severity security bugs in its Chrome browser. Then in July Mozilla sextupled its bounty to $3,000, and the Google program went from “Leet” to “Elite” with an increase of its bounty to $3,133.70. Sensing a trend, and feeling that vendor bug bounties “had arrived”, the Veracode research team made one of our 2011 Predictions that Microsoft would jump on the bandwagon too.
Microsoft’s decision to institute a bounty program for software vulnerabilities is historic – but for all the wrong reasons.
What comes to mind when I say the name “Pumpsie Green”? Nothing? OK. How about “Jackie Robinson”?