cwysopal@veracode.com (cwysopal), Author at Security Boulevard

Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain.   One of NIST’s ... Read More
Live From RSAC: Anne Neuberger Addresses President Biden’s Executive Order on Cybersecurity

Live From RSAC: Anne Neuberger Addresses President Biden’s Executive Order on Cybersecurity

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden???s executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurity and modernize cybersecurity defenses. As Neuberger explains, this executive order couldn???t come at a ... Read More
A Closer Look at the Software Supply Chain Requirements in the Cybersecurity Executive Order

A Closer Look at the Software Supply Chain Requirements in the Cybersecurity Executive Order

Software security is a big focus of the Biden administration???s recentツ?executive orderツ?on cybersecurity. In fact, an entire section, or 25 percent, of the order is dedicated to software security requirements. In the wake of the SolarWinds cyberattack, the security of the software supply chain is clearly top of mind at ... Read More
New Cybersecurity Executive Order: What You Need to Know

New Cybersecurity Executive Order: What You Need to Know

Last night, the Biden administration released an executive order on cybersecurity that includes new security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a bill of materials for the open source libraries in use, so known vulnerabilities are ... Read More
Recent Pipeline Attack Highlights Our Vulnerable Infrastructure

Recent Pipeline Attack Highlights Our Vulnerable Infrastructure

On Thursday, May 6, Colonial Pipeline, which operates a pipeline that delivers gasoline and jet fuel to nearly 45 percent of the U.S. East Coast, fell victim to a ransomware attack. The attack took over 100 gigabytes of data hostage, causing the company to halt all pipeline operations and shut ... Read More
SQLite Vulnerability May Be Putting Your Applications at Risk

SQLite Vulnerability May Be Putting Your Applications at Risk

|
Late last week, Tencent announced that researchers from its Blade Team had discovered a remote code execution (RCE) vulnerability in SQLite, dubbed Magellan. SQLite is a very popular embedded SQL server. It is one of the components inside many thousands of applications, including the Google Chromium browser. Google has since ... Read More
Veracode at Black Hat Europe 2018

Veracode at Black Hat Europe 2018

|
We recently published the 9th volume of our State of Software Security (SoSS) report, and although there are some bright spots, the overall state of software security remains a work in progress. Nowhere is this more true than in Europe. In separate research conducted earlier this year, we found that ... Read More
What About the Testing You Can't Automate?

What About the Testing You Can’t Automate?

The shift to DevSecOps is altering the security role in some fundamental ways. We’ve seen this new environment changing not only the security team’s tasks and responsibilities, but also their mindset. Specifically, the security team has had to shift from thinking like a “breaker” to thinking like a “builder.” Rather ... Read More
Looking Ahead to RSA: Why AppSec Will Take Center Stage

Looking Ahead to RSA: Why AppSec Will Take Center Stage

RSA Conference is unquestionably the biggest security event of the year. With so many companies showcasing the latest and greatest in security technology and solutions, it’s very difficult to stand out amongst the crowd. However, in light of recent headlines, it’s evident that securing the software that powers our digital ... Read More
Spring Break vulnerability

How to Prevent a Breach From Spring Break

Spring Break, the latest named vulnerability, is more serious than the moniker implies. Spring Break is a critical remote code execution vulnerability in Pivotal Spring REST, one of the the most popular frameworks for building web applications, and the effects of this vulnerability are widespread. A patch for Spring Break ... Read More