Chance that flaws will ever be dealt with diminishes the longer they stick around

More than half of all security findings (56%) are fixed, but a focus on fixing new findings while neglecting aging flaws leads to increasing security debt, according to Veracode research. After analyzing more than 85,000 applications across more than 2…

Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted a survey from December 2018 to…

Accenture, Splunk and UTC join SAFECode, Veracode rejoins the organization

The Software Assurance Forum for Excellence in Code (SAFECode) announced that Accenture, Splunk and United Technologies joined SAFECode as new Associate Members, and Veracode rejoined the organization as an Associate Member. SAFECode is a non-profit, g…

Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution

Roughly 28 million users have downloaded a malicious version of a popular open source framework that masquerades as the real thing, but in fact gives hackers a back door into applications. A compromised version of the website development tool bootstrap-sass was published to the official RubyGems repository, a hub where programmers can share their application code. The open source security firm Snyk alerted developers to the issue Wednesday, advising users to update their systems away from the infected framework (version 3.2.0.3). “That doesn’t mean there are something like 27 million apps out there using this,” said Chris Wysopal, chief technology officer at app security company Veracode. “[But] when you’re using open source packages to build your applications, you’re inheriting many of the vulnerabilities. … But bootstrap-sass is a popular component used by enterprises and startups so there’s potentially thousands of applications affected by this.” While the vulnerability is serious — hackers […]

The post Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution appeared first on CyberScoop.


Photo gallery: RSA Conference 2019 Expo, part three

RSA Conference 2019 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here are a few photos from the Expo floor. Featured vendors include: Zscaler, Corero Network Security, Z…

Consolidation is coming for the cybersecurity industry

It’s starting to happen. Amid a flurry of mergers and acquisitions, the cybersecurity industry is embarking on a path of consolidation that analysts predict will result in the existence of far fewer companies within just a few years. Thousands of cybersecurity vendors are in the marketplace, offering services ranging from anti-phishing and malicious software analysis to threat detection that relies on artificial intelligence technology. The number of companies will shrink by half within five to seven years, as many existing firms are acquired by larger players, and others simply go out of business, said Bill Crowell, a partner at the venture capital firm Alsop Louie Partners. “Cyber defense is about having an integrated set of tools that work together to prevent attacks,” said Crowell, a former deputy director of the U.S. National Security Agency. “But the industry now has a thousand points of light and no illumination. It’s as if […]

The post Consolidation is coming for the cybersecurity industry appeared first on Cyberscoop.


Symantec, Veracode, & Thoma Bravo – Enterprise Security Weekly #114

Symantec boosts security with Javelin Networks, ThreatQuotient integrates Verified Breach Intelligence from Visa, FireMon delivers hybrid cloud security with new visibility and orchestration, StackPath partners with Sectigo, and we have some acquisitio…

Veracode sold to Thoma Bravo for $950 million

Thoma Bravo, an American private equity firm, announced on Monday that it is purchasing application security testing company Veracode from Broadcom for $950 million in cash. Based in Burlington, Massachusetts, Veracode is a software-as-a-service (SaaS) company that helps software developers detect security issues in their applications at various points in the software development cycle. Thoma Bravo and Veracode said in a press release that the acquisition is meant to further Veracode’s “future operational and product development plans.” “Partnering with Thoma Bravo, a proven security software investor, is expected to extend our market reach and further fuel our innovation so that we can offer the broadest software security platform and empower us to accelerate growth — all to allow us to transform the way companies achieve their software security goals,” said Sam King, currently Veracode’s senior vice president and product manager, and CEO-to-be when the deal is done. Veracode hasn’t been […]

The post Veracode sold to Thoma Bravo for $950 million appeared first on Cyberscoop.


Companies implementing DevSecOps address vulnerabilities faster than others

A new study from CA Veracode includes promising signs that DevSecOps is facilitating better security and efficiency, and provides the industry with the company’s first look at flaw persistence analysis, which measures the longevity of flaws after first…

Peter Chestna, Veracode – Application Security Weekly #19

Peter Chestna is the Director of Developer Engagement at Veracode. He comes on the show to talk about the article he wrote called “The 3 Ways of DevSecOps”. Full Show Notes. Follow us on Twitter: https://www.twitter.comsecurityweekly