First Prioritize, Then Patch: Yes, Another Blog on PCI 3.0

In November’s update to PCI DSS, now on version 3.0, you may have noticed that the PCI Security Council switched the order of the first two application security focused sub-requirements. Requirement 6.1 now focuses on establishing ongoing best practices, while 6.2 moves on to patching and remediation efforts. Some of our customers have questioned the […]

Video Survey: Limitations of On-Premises Software Versus Cloud Solutions

Cloud computing has been around for decades and many of the most widely used platforms today are cloud solutions. Google, Amazon, Microsoft, IBM, Salesforce, Oracle, and Zoho are among some of the most well-known cloud vendors offering cloud-based solutions. If you use the internet on a regular basis, chances are you’re already a cloud consumer. […]

I Like the Monster!

Our corporate “Monster In Your Corner” theme really landed with me — when was the last time you heard the EVP of Development say something like that about a marketing campaign? Here’s why. The “Monster in your corner” means you have the full force of Veracode’s scalable cloud-based service in your corner — backed by […]

Secure Agile Q&A: Scale, Continuous Integration and Policies

Last week I took some time to answer viewer questions from my webinar, “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”. This is my second post to respond to questions from the webinar, so if you haven’t yet read the first one, check it out here. My first post focused on questions […]

Cloud or Not – Third-Party Software Adds Unnecessary Risk

There’s been some discussion regarding the Cloud Could Triple Odds of $20M Data Breach research findings by Ponemon – so I thought I would weigh in on this issue. Risky software, regardless of deployment method, is what is adding unnecessary risk to organizations. This is especially true with third-party applications – again, whether these acquired […]

Veracode Platform Release Notes 2014.5

Welcome to 2014.5! The fifth Veracode platform release of 2014, which focuses on improved coverage and scanning ease of use for Veracode customers. It adds static coverage for Android 4.4 applications and .NET applications using Telerik, improves static coverage for iOS and Ruby applications, and improves the coverage of Discovery by adding copyright identification. Additionally, […]

Improving Software Security Through Vendor Transparency

According to Gartner, enterprises are getting better at defending traditional network perimeters, so attackers are now targeting the software supply chain. This has made third-party software – including commercial and outsourced applications, third-party frameworks and open source code — the new perimeter for every enterprise. Last month, I had the privilege of moderating a session […]

Why Did the Chicken Cross the Road? To Get Its 3rd-Party Applications Secured!

In the revisions to PCI DSS, now on version 3.0, the PCI Security Council added a note to Requirement 6.3, extending the secure software development mandate to include all custom, third-party developed software. At Veracode, we’ve been talking about the need to secure your third-party code for quite some time now, so we’re excited to […]
