Secure Agile Q&A: Scale, Continuous Integration and Policies

Last week I took some time to answer viewer questions from my webinar, “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”. This is my second post responding to questions from the webinar, so if you haven’t yet read the first one, check it out here. My first post focused on questions […]

Cloud or Not – Third-Party Software Adds Unnecessary Risk

There’s been some discussion regarding the Cloud Could Triple Odds of $20M Data Breach research findings by Ponemon – so I thought I would weigh in on this issue. Risky software, regardless of deployment method, is what is adding unnecessary risk to organizations. This is especially true with third-party applications – again, whether these acquired […]

Veracode Platform Release Notes 2014.5

Welcome to 2014.5, the fifth Veracode platform release of 2014, which focuses on improved coverage and scanning ease of use for Veracode customers. It adds static coverage for Android 4.4 applications and .NET applications using Telerik, improves static coverage for iOS and Ruby applications, and improves the coverage of Discovery by adding copyright identification. Additionally, […]

Improving Software Security Through Vendor Transparency

According to Gartner, enterprises are getting better at defending traditional network perimeters, so attackers are now targeting the software supply chain. This has made third-party software – including commercial and outsourced applications, third-party frameworks and open source code – the new perimeter for every enterprise. Last month, I had the privilege of moderating a session […]

Why Did the Chicken Cross the Road? To Get Its 3rd-Party Applications Secured!

In the revisions to PCI DSS, now on version 3.0, the PCI Security Council added a note to Requirement 6.3, extending the secure software development mandate to include all custom, third-party developed software. At Veracode, we’ve been talking about the need to secure your third-party code for quite some time now, so we’re excited to […]

NIST Updates Guidance On Securing Software Supply Chains

An updated guide on risk management practices recommends that companies pay more attention to the security of their software supply chain. A draft release of an updated risk management guide from the National Institute of Standards and Technology (NIST) is warning federal agencies and other firms that operate “high impact systems” to pay more attention […]

I Forgot My Wallet. Can I Borrow Yours?

Ever forget your wallet? I do. All the time. If I wasn’t in the security industry, an ability to pay for things with my cell phone (which is never too far from my grasp) would be attractive to me. But LifeLock’s recent move to pull their Mobile Wallet application from the app store and delete […]

Secure Agile Q&A: API’s, IDE’s and Environment Integration

A few weeks back, I hosted a webinar called “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”, and in this webinar I discussed the importance of security testing and how to integrate it into the Agile SDLC. There were so many questions from our open discussion following the webinar that I have taken […]

Heartbleed Still Causing Heartburn on Industrial Systems

An advisory from DHS’s ICS CERT makes clear that ICS vendors are making progress toward fixing Heartbleed, but that customers face a long slog. The good news about the Heartbleed vulnerability in OpenSSL is that most of the major sites that were found to be vulnerable to the flaw have been patched. As has been […]
