Trends in Open Source Security

We recently held a Virtual Summit centered on the topic of open source library use and risk. Mark Curphey, CA Veracode’s VP of Strategy, gave the keynote address on trends in this space. Curphey, who is also the founder of OWASP and previously CEO of SourceClear (recently acquired by CA ...
AppSec Mistake No. 2: Ignoring Open Source Library Use

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the second in a blog series that takes a look at some of the most common mistakes we see that lead to ...
The Art of Secure Code

We think a high-quality and highly secure app is a work of art. As with any artistic endeavor, it takes creativity, resources, training, and talent to create secure code. Maybe it’s a little bit of a stretch to compare your software developers to Picasso, but we would argue that there are ...
AppSec Mistake No. 1: Using Only One Testing Type

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the first in a blog series that takes a look at some of the most common mistakes we see that lead to ...
What Security Pros Will Get Out of Our Summer 2018 Virtual Summit

There has been a fundamental shift in the way code is developed in the past 15 to 20 years. Today, developers do far more re-using of existing code than creating code from scratch. Taking advantage of the millions of open source libraries available has become standard operating procedure. And this ...
What the CA Veracode Verified Continuous Tier Looks Like

We recently announced our CA Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in ...
A Closer Look at the CA Veracode SourceClear Solution

The days of developers creating every line of code from scratch are over. The intense demand for newer, better software means development speeds have become correspondingly intense. In turn, developers need to rely on the pre-built functionality in open source libraries to keep up. The problem with this practice is ...
Announcing the GA Release of SourceClear Custom Policies

We are very excited to announce the GA release of SourceClear Custom Policies. Custom Policies improves issue remediation and allows you to take greater control of your software delivery workflow. Why Do You Need Custom Policies? More than ever, development groups are relying heavily on open source software libraries to ...
What the CA Veracode Verified Team Tier Looks Like

We recently announced our CA Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in ...
[VIDEO] Top 5 Tips on Application Security Policies

Policies are a critical part of your application security program; you need them to frame your program, set goals, measure success, and report on progress. But they can also stall your program if they work against, and not with, developer processes and priorities. With the shift to DevOps, and developers ...