LogRhythm, Fortinet, and RiskSense – Enterprise Security Weekly #72

LogRhythm named leader in Gartner magic quadrant, new report from CA Veracode, Fortinet launches Operational Technology Security platform, things to focus on in 2018, and more enterprise security news! Enterprise News LogRhythm named leader in Gartner …

Chris Eng: An infosec journey from offense to defense

“Come to my lab, I promise you’ll learn something cool,” a friend told Chris Eng. Within a couple of hours, he had walked him through writing an exploit for an obscure Linux bug, and Eng was hooked on the idea that one could leverage a programming error to gain root privileges on the system. He spent the next year or so learning more about finding and exploiting software vulnerabilities …

The pervasive risk of vulnerable open source components

Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers. Among other industry trends such as vulnerability fix rates and percent of applications with vulnerabilities, the report exposes the pervasive risk from vulnerable open source components. Researchers found that 88 percent of Java applications contain at least one vulnerable component, making them susceptible to widespread …

DevSecOps: Build a bridge between fast and secure software development

Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to new research conducted by Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications. Growing need for DevSecOps The research aims to determine security and …

CA Technologies acquires Veracode for $614 million

CA Technologies has signed a definitive agreement to acquire Veracode for approximately $614 million in cash. The transaction is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including regulatory approvals. The combination of CA’s portfolio with privately-held Veracode will establish CA Technologies as a leader in the Secure DevOps market through the automation and scaling of application security testing (AST) to develop and deploy applications …

Veracode sells to CA Technologies for $614 million

CA Technologies Inc. announced Monday it had purchased the security firm Veracode for $614 million in cash. The move comes two years after Veracode reportedly came close to an IPO and was valued around $800 million. Veracode launched a decade ago to offer developers automated security analysis of applications. CA Technologies, based in New York City, is a $4.5 billion behemoth focused mostly on business-to-business deals, keeping it largely out of the public eye. Veracode made headlines recently when Cloudflare, fresh off a high-profile data leak, announced the Burlington, Mass.-based company would independently audit its code. Veracode co-founder Chris Wysopal was part of the hacker think tank L0pht, which in 1998 told the U.S. Senate about the cybersecurity disasters looming as the internet approached ubiquity. The punkish group of hackers were the first — aside from members of federal witness protection programs — to go before Congress using pseudonyms (Wysopal was “Weld Pond”). The group […]

The post Veracode sells to CA Technologies for $614 million appeared first on Cyberscoop.


Irregular application testing: App security in healthcare

Nearly half (45%) of NHS trusts scan for application vulnerabilities just once a year, with only 8% doing so on a daily basis, according to Veracode. This potentially leaves them with outdated software and at an increased risk of a cyberattack, potentially exposing patient data to the wrong hands. The new findings were gleaned from a Freedom of Information (FoI) request submitted to 36 NHS trusts, with 27 responding. The responses also revealed 50% …

Redefining the role of security in software development

Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. The rapid adoption of DevOps is testimony to this shift, with agile development no longer making the grade for many companies. Accelerating time-to-market is of increasing importance for developers, with over a quarter of British and German development operations managers stating that meeting budget and delivery schedules is their top concern in a recent survey conducted …

What developers and managers are saying about application security challenges

Despite showing moves toward earlier and more frequent security testing throughout the development process, there are still hurdles development and security teams must overcome when it comes to securing applications, according to Veracode. Increased recognition, earlier testing According to the survey, 40 per cent of developers are incorporating security testing during the programming stage, and 21 per cent identify the design stage as the point at which security testing is completed. Testing early in the …

Proliferation of vulnerable open source components creates growing risk

The continued and persistent use of components in software development is creating systemic risk in our digital infrastructure. A new Veracode report also found that companies achieve accelerated benefits when their application security programs reach maturity. These findings indicate that the growing trend of focusing on digital risk at the application layer and building security into DevOps processes (DevSecOps) can yield great results for organizations in reducing risk without slowing down software development. Analysis revealed …