DevSecOps Challenges From a Security Perspective

DevSecOps Challenges From a Security Perspective

The transition from DevOps to DevSecOps requires security professionals to have a whole new understanding of development processes, priorities, tools, and painpoints. It’s no longer feasible for security professionals to get by with a superficial understanding of how developers work. But this understanding can be a significant undertaking for most ... Read More
Using Benchmarks to Make the Case for AppSec

Using Benchmarks to Make the Case for AppSec

In a recent Veracode webinar on the subject of making the business case for AppSec, Colin Domoney, DevSecOps consultant, introduced the idea of using benchmarking to rally the troops around your AppSec cause. He says, “What you can do is you can show where your organization sits relative to other ... Read More
State of Software Security v10: Top 5 Takeaways for Security Professionals

State of Software Security v10: Top 5 Takeaways for Security Professionals

It’s the 10th anniversary of our State of Software Security (SOSS) report! This year, like every year, we dug into our data from a recent 12-month period (this year we analyzed 85,000 applications, 1.4 million scans, and nearly 10 million security findings), but we also took a look back at ... Read More
Announcing the 10th Volume of our State of Software Security Report

Announcing the 10th Volume of our State of Software Security Report

Today marks a big milestone for Veracode, and for the application security industry – we’re releasing the 10th volume of our State of Software Security (SOSS) report. 10 SOSS reports and 80,000+ apps later, we’ve accumulated a lot of data, and a lot of insights, about application security trends and ... Read More
Beyond Testing: The Human Element of Application Security

Beyond Testing: The Human Element of Application Security

Companies of every size and in every industry are changing the world with software. From healthcare to agriculture, education, and manufacturing, software is enabling unprecedented advancement and innovation. But if that software is insecure, these innovations may get held up, or worse, put us at risk. And this is a ... Read More
Making the Case for AppSec? Break Down Your Budget

Making the Case for AppSec? Break Down Your Budget

The bottom line on corporate decision-making comes down to the bottom line. It’s critical to demonstrate value for any new or expanded initiative. Fall short, and your odds of success are greatly diminished. How do you build the financial case for more robust AppSec, when the focus is on the ... Read More
Know Your Audience to Make the Case for AppSec

Know Your Audience to Make the Case for AppSec

|
Selling senior-level executives on any new concept can often feel like a trek up a mountain with a 60-pound pack on your back. So, how can you take your application security program to a new and better level with less effort? You focus on what’s really important: getting the right ... Read More
Why Are Schools Increasingly Targeted by Cyberattackers?

Why Are Schools Increasingly Targeted by Cyberattackers?

|
Schools, including universities, are increasingly becoming cyberattack targets. Just this month, the Monroe-Woodbury school district in Orange County, NY had to delay the start of school due to cyberattacks. And this incident was only one of a handful of cyberattacks on New York state school districts this summer. One school ... Read More
Key Ways to Make the Case for AppSec Budget

Key Ways to Make the Case for AppSec Budget

Security departments are juggling a multitude of security initiatives, and each is competing for a slice of one budget. How do you make the case that AppSec deserves a slice of that budget pie, or a bigger slice, or even to make the pie bigger? Here are a few key ... Read More
Key Considerations for Secure Coding Training

Key Considerations for Secure Coding Training

Developer training has an essential role in reducing code vulnerabilities and avoiding a breach. Effective application security requires both locating security-related defects, and fixing them. But developers simply aren’t equipped with the knowledge or skills they need to fix these flaws. Veracode recently sponsored the 2017 DevSecOps Global Skills Survey ... Read More