
Veracode Security Blog
Level up your appsec knowledge with research, news, and guidelines for enterprise application security programs from the world-class minds at Veracode.
1M ago
The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem. To address the critical threat, I’m excited to announce Veracode’s acquisition of Phylum Inc.’s technology to advance our capabilities in securing software supply chains. The addition of Phylum will help the market’s ability to ...
2M ago
How does the exponential advancement of technology impact the security landscape? It makes managing the fundamental risk of the technology, the software, exponentially more complex. From AI accelerating risky code production to cloud infrastructure increasing the attack surface, the world of application risk management is enduring a rapid transformation that needs immediate attention. Here are my predictions for 2025 and how to ride this wave of transformation to security as an enabler of progress rather than a barrier. 1. Exponentially Complex Risk Will Make Context Everythi ...
2M ago
In our hyper-connected reality, software applications are the unsung heroes of business operations. But, let's face it, with great tech comes great vulnerability to cyber shakedowns and data leaks. This begs the question: “Is scanning enough to manage risk?” Organizations are playing a high-stakes game of keeping their apps secure to safeguard their secrets. Let’s explore how to enhance application security by not only identifying vulnerabilities but also by prioritizing these threats, giving teams a playbook with the Next Best Actions to understand the root cause analysis of flaws and tacklin ...
2M ago
Are you getting the results you want from your application security (AppSec) program? Discovering the return on investment (ROI) is a great start, but how should you go about calculating that? That’s where our recently commissioned Total Economic Impact™ (TEI) study conducted by Forrester Consulting comes in. We’re thrilled and deeply grateful to share these customer stories with you. Here are the key benefits realized by organizations leveraging the Veracode Application Risk Management Platform. Unveiling the ROI: A Significant 184% The Forrester Consulting TEI study ...
2M ago
Software development teams face a constant dilemma: striking the right balance between speed and security. How is artificial intelligence (AI) impacting this dilemma? With the increasing use of AI in the development process, it's essential to understand the risks involved and how we can maintain a secure environment without compromising on speed. Let’s dive in. The Need for Speed Speed is of the essence. Organizations are constantly striving to deliver code faster and innovate quickly to stay ahead of the competition. This need for speed has led to the adoption of AI and large lang ...
3M ago
The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufacturers should think about navigating these new compliance challenges. The Redefinition of “Defective Products” The redefinition of "defective products" under the EU software liability directive marks an important shift in ...
3M ago
In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager. This pivotal move brings Application Security Posture Management (ASPM) into our suite of offerings, transforming us from a leader in world-class code testing to a comprehensive platform that delivers unified risk management from code to cloud. Join us as we explore what t ...
4M ago
Organizations face an increasing number of software security threats that can compromise their sensitive data and disrupt business operations. To effectively manage these risks and enhance their security posture, it’s crucial for organizations to adopt modern application risk reduction strategies that not only mitigate potential vulnerabilities but also provide clear, actionable next steps and insights for reporting purposes. In the journey to mitigate software risks by 75%, the 2024 Forrester Consulting TEI study, commissioned by Veracode, outlines a robust 3-year strategic plan, based ...
4M ago
If you’re an avid reader of Application Security surveys, analyst papers, or incident reports, you may have concluded that the biggest issue most organizations have with application security is NOT finding the flaws in their codebase, but is, in fact, finding ways to remediate them while also creating new applications and updates, oh and keeping the lights on. Many organizations are drowning in security debt. Worse, every innovation that helps new code get created faster — like AI coding assistants - is just adding to it. What they have been asking us for are more and more ways to accele ...
4M ago
Insecure software is significantly impacting our world. In a recent statement, CISA Director Jen Easterly declared: “Features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion. That has to stop... We are at a critical juncture for our national security.” Our State of Software Security 2024 report explores a key area this trade-off of speed to market prioritized against security has resulted in: security debt. Our data shows that nearly half of organizations have persistent, high-severity flaws that constitute critical security deb ...