Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

FedRAMP Certification: The 'New Normal' for Public Sector Agencies?

In the realm of cloud security, public sector agencies have a lot on their plates. From keeping up with the barrage of constantly emerging security guidelines (see below) to the ongoing demands of maintaining software security, the pressure on the government to lock down cybersecurity is immense.

A Look Back at the Executive Order on Cybersecurity

It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a software bill of materials for the open-source libraries in use so that known vulnerabilities are disclosed and able to be tracked in the future, among other things.

What Is Software Supply Chain Security?

Most software today isn’t developed entirely from scratch. Instead, developers rely on a range of third-party resources to create their applications. By using pre-built libraries, developers don’t need to reinvent the wheel. They can use what already exists and spend time on proprietary code, helping to differentiate their software, finish projects quicker, reduce costs, and stay competitive. These third-party libraries make up part of the software supply chain.

Coded for Safety

Ready to secure government applications? Start with Zero Trust. Trust is the foundation of successful relationships. We want to trust our friends, companies, government, etc., and be trusted in return. But, sometimes mistrust better serves us. A few years ago, the cyber world adopted an approach to security known as trust-but-verify. A simplistic approach, it delivered innovative digital services to consumers – securely and efficiently.

Bridging The Needs Of Security And Development Teams, Veracode Unveils Next-generation Software Security Platform

Veracode announces its Continuous Software Security Platform, which seamlessly embeds application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.

Official Close of TA Investment Sparks Next Step of Veracode Journey

Recently I shared with you our excitement about our agreement with TA Associates (TA) to make a significant growth investment in Veracode. I am pleased to share that the deal is now closed, opening up a tremendous new chapter in Veracode’s journey.

Just Because You Don't Use Log4j or Spring Beans Doesn't Mean Your Application is Unaffected

By now, you’re probably all aware of the recent Log4j and Spring Framework vulnerabilities. As a recap, the Log4j vulnerability – made public on December 10, 2021 – was the result of an exploitable logging feature that, if successfully exploited, could allow attackers to perform an RCE (Remote Code Execution) and compromise the affected server.

Veracode Acquires ML-Powered Vulnerability Remediation Technology From Jaroona GmbH

On the heels of our significant growth investment from TA Associates, we are pleased to announce our acquisition of auto-remediation technology from Jaroona. Jaroona’s intelligent remediation technology accelerates Veracode’s vision and strategy to automatically detect and remediate software vulnerabilities. Jaroona was recognized as a Gartner Inc. 2021 Cool Vendor for DevSecOps.