The AI-Native Era is Here: What this Gartner Innovation Insight Means for Your Software Security

A new era of software engineering is emerging, with artificial intelligence (AI) at the forefront. As the 2025 Gartner Innovation Insight for AI-Native Software Engineering report states: “AI-native software engineering will require software engineering leaders to mitigate new risks and tackle new challenges.” Here are the key insights and perspectives that will help you navigate the new normal.

Securing the Digital Frontier: Key Themes from Black Hat USA 2025

Another year, another Black Hat USA. And what a show it was as thousands descended on the Entertainment Capital of the World. The conference returned to the Mandalay Bay Convention Center in Las Vegas with a packed six-day program, kicking off with four days of specialized cybersecurity trainings, followed by the main expo on August 6-7.

Using Mean Time to Resolve (MTTR) Effectively Across Static and SCA Findings

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.

Mastering C/C++ Security: How to Simplify Static Application Security Testing and Boost Accuracy

C/C++ development is notorious for its challenges: complex builds, limited tool compatibility, and frustratingly long scan times. But what if you could cut through the noise, streamline your security testing, and achieve unparalleled accuracy? Imagine a solution that not only simplifies your workflow but also delivers precise, actionable results without the false positives that slow you down. With Veracode’s C/C++ Scanning, you can.

Breaking Free from Security Debt: Lessons from Leading Organizations

Security debt is a pervasive challenge affecting organizations of all sizes, and it’s only growing. According to the 2025 State of Software Security Report (SoSS), 74% of organizations have accrued security debt, with nearly half of this security debt being critical in nature. This accumulation of unresolved flaws, especially severe ones, poses long-term risks to an organization’s resilience and effectiveness.

Base44 Vulnerability Sparks Conversations on Securing Vibe Coding

The recent revelation of a critical vulnerability in Base44, a prominent vibe coding platform, has spotlighted the intricate relationship between innovation and security in AI-assisted development. Researchers at Wiz uncovered a flaw in the platform that allowed unauthorized access to private enterprise applications, exposing sensitive data and raising urgent questions about the security of vibe coding practices.

We Asked 100+ AI Models to Write Code. Here's How Many Failed Security Tests.

If you think AI-generated code is saving time and boosting productivity, you’re right. But here’s the problem: it’s also introducing security vulnerabilities… a lot of them. In our new 2025 GenAI Code Security Report, we tested over 100 large language models across Java, Python, C#, and JavaScript. The goal? To see if today’s most advanced AI systems can write secure code. Unfortunately, the state of AI-generated code security in 2025 is worse than you think.

Shifting from Vulnerability Management to Security Risk Prioritization with AI

The adage ‘an ounce of prevention is better than a pound of cure’ applies to AppSec vulnerability management. Traditionally, AppSec has focused on a reactive ‘curing flaws’ paradigm, identifying and fixing vulnerabilities after they have occurred. However, the never-ending escalation between threats and security leads to alert fatigue and security debt.

Engineers Speak: Veracode Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Recognized as a Platinum Vendor

We’re thrilled to share some exciting news that truly validates our mission to secure the world’s software: Veracode has been recognized as a leading vendor in both Static Analysis (SAST) and Software Composition Analysis (SCA) in the June 2025 VDC Research Vendor Impact Awards! What makes this recognition even more significant is that these awards are based on aggregated ratings from VDC Research’s global “Voice of the Engineer” survey.

ASPM for Highly-Regulated Industries: Meeting the Demands of Healthcare, Finance, and Energy

Software security vulnerabilities in healthcare, finance, energy, and other critical infrastructure industries have far-reaching consequences across global supply chains and markets. Highly regulated industries face complex attack vectors and require a broader defense-in-depth strategy to effectively manage application risk. That’s where the right Application Security Posture Management (ASPM) tool comes in.