State of Software Security v11: Key Takeaways for Developers

We recently released volume 11 of our annual State of Software Security (SOSS) report, which analyzes the security activity and history of applications Veracode scanned during a one-year period. Giving us a view of the full lifecycle of applications, that data tells us which languages and vulnerabilities to keep an ...
Healthcare Orgs: What You Need to Know About TrickBot and Ryuk

In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, ...
Watch Here: How to Build a Successful AppSec Program

Cyberattackers and threat actors won't take a break and wait for you to challenge them with your security efforts - you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It's critical that you stand up an AppSec program covering all the bases, ...
Veracode Makes DevSecOps a Seamless Experience With GitHub Code Scanning

Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, we saw that 54% of organizations push vulnerable code just ...
Watch Here: Using Analytics to Measure AppSec ROI

Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you're meeting security requirements but also it helps you prove your ROI. That can be a challenge for a lot of organizations - when stakeholders are not close to the data, they ...
16% of Orgs Require Developers to Self-Educate on Security

Theoretical physicist Stephen Hawking was spot on when he said, "Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn." It's no secret that programming is a thriving career ...
43% of Orgs Think DevOps Integration Is Critical to AppSec Success

It's no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it's easy to hit security ...
How 80% of Orgs Can Overcome a Lack of Training for Developers

Developer security training is more critical than ever, but data shows us that the industry isn't taking it quite as seriously as it should. A recent ESG survey report, Modern Application Development Security, highlights the glaring gaps in effective developer security training. In the report, we learned that only 20 ...
Breaking Down Risky Open Source Libraries by Language

You work hard to produce quality applications on tight deadlines, and like every other development team out there, that often means relying on open source code to keep projects on track. Having access to plug-and-go code is invaluable when you're racing the clock, but the accessibility of open source libraries ...
Man vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

In 2011 when IBM's Watson supercomputer went up against "Jeopardy" icon Ken Jennings, the world watched as a battle of man vs. machine concluded in an impressive win for Watson. It wasn't simply remarkable that Watson could complete calculations and source documents quickly; the real feat was the brainpower it ...