NYDFS Cybersecurity Regulation Compliance

NYDFS Cybersecurity Regulation Transition Period Ends

March 1, 2018 marks the end of the one-year transition period for the New York Department of Financial Services (NYDFS) cybersecurity regulation. The passage of this date means affected organizations — including banks, insurance companies, and other financial services companies licensed by or operating in New York State — must ... Read More
DevSecOps Barriers and Benefits Research Report

CA Technologies Research Shows Barriers and Benefits of DevSecOps

CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating ... Read More
Biggest Breaches and AppSec News 2017

The Biggest Cybersecurity Stories, Breaches and AppSec Lessons of 2017

The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and ... Read More
How Developers Respond to Security Findings by Veracode

AppSec in Review Podcast: How Developers Respond to Security Findings

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeaways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In ... Read More
Get Ready for DevSecOps 2018

5 Ways to Get Developers and Your AppSec Program Ready for DevSecOps in 2018

The importance of application security has increased dramatically over the past couple of years in response to rising threats. Meanwhile, software development is changing fast, with continuous delivery and DevOps adoption continuing to grow. It seems inevitable that we'll be talking more and more in the coming year about ... Read More
State of Software Security Developer Guide

What Developers Need to Know About the State of Software Security Today

We recently published our annual research report, the State of Software Security, analyzing data from 400,000 application scans over 12 months spanning 2016 and 2017. Now we’re issuing a State of Software Security Developer Guide, featuring additional data and analysis aimed at helping developers meet the goal of creating great ... Read More
OWASP Top 10 2017

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the ... Read More
Welcome to the Veracode Community

How to Connect With AppSec and Developer Peers in the Veracode Community

Security professionals and developers have different roles, responsibilities, and skills, but a common goal in securing applications. Yet there aren't many places to connect with peers, who are among your best resources for solving AppSec and DevSecOps challenges. That's why we created the Veracode Community. The Veracode Community is a ... Read More
State of Software Security 2017: What's in the Report

What’s New in the State of Software Security 2017 Report

In the past year, we’ve seen an unprecedented series of cyber assaults on democratic elections, ransomware attacks that spread around the world affecting hundreds of thousands of systems in more than 150 countries, and record-breaking data breaches. If we’re going to address this growing crisis effectively, we need a probing ... Read More
Component risk

How Third-Party and Open Source Components Build Hidden Risk Into Software

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As ... Read More