Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2020

veracode

State of Software Security v11: Key Takeaways for Developers

Nov 24, 2020 By Meaghan McBee In Veracode

We recently released volume 11 of our annual State of Software Security (SOSS) report, which analyzes the security activity and history of applications Veracode scanned during a one-year period. Giving us a view of the full lifecycle of applications, that data tells us which languages and vulnerabilities to keep an eye on, and how factors like scanning frequency can impact your remediation time.

Read Post
veracode

Healthcare Orgs: What You Need to Know About TrickBot and Ryuk

Nov 19, 2020 By Meaghan McBee In Veracode

In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, and HHS noted the discovery of, “…credible information of an increased and imminent cybercrime threat to U.S.

Read Post
veracode

Nature vs. Nurture Tip 1: Use DAST With SAST

Nov 18, 2020 By Hope Goslin In Veracode

When conducting research for this year’s State of Software Security report, we looked at how “nature” and “nurture” contribute to the time it takes to close out a security flaw. For the “nature” side, we looked at attributes that we cannot change, like application size or age. For “nurture,” we looked at application attributes we can change, like security scan frequency and cadence.

Read Post
veracode

Java Crypto Catchup

Nov 16, 2020 By Mansi Sheth In Veracode

In 2017, we started a blog series talking about how to securely implement a crypto-system in java. How to Get Started Using Java Cryptography Securely touches upon the basics of Java crypto, followed by posts around various crypto primitives Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), Encryption/Decryption, and Message Digests. We also released a Java Crypto Module for easier dockerization of injectable modules exposing Crypto services via an API.

Read Post
veracode

In the Financial Services Industry, 74% of Apps Have Security Flaws

Nov 10, 2020 By Hope Goslin In Veracode

Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors, along with the second-lowest prevalence of severe security flaws, and the best security flaw fix rate.

Read Post

Driving the Cybersecurity Agenda with the C-Suite and Boards

Nov 5, 2020 By Veracode In Veracode
Veracode CEO Sam King joins the Advanced Cyber Security Center, the Boston Globe’s Jon Chesto, MassMutual CISO Jim Routh, and State Street CTRO for a fireside chat about the strategic role the C-suite and corporate boards play in cybersecurity. Sam describes why communication between the board, the C-suite, the CISO, and the security team must be frequent to add value from both a governance and compliance perspective.
View Video
veracode

New PCI Regulations Indicate the Need for AppSec Throughout the SDLC

Nov 2, 2020 By Hope Goslin In Veracode

The PCI Security Standards Council (SSC) is a global organization that aims to protect payment transactions and consumer data by developing standards and services for payment software vendors that drive education, awareness, and implementation. Since payment software is constantly changing, the SSC is constantly evolving and adapting its standards to ensure that vulnerabilities and cyberattacks are minimized.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.