The New York Department of Financial Services recently issued proposed regulations for cybersecurity that seek to standardize the way that financial services institutions protect information systems and the business and personal information they manage. Organizations covered by the new cybersecurity regulation include banks and trust companies, insurance companies, mortgage lenders, investment... READ MORE›

Companies that sell software for a living are gradually facing more and more pressure to cough up proof of security for their products. Working on the business development team at Veracode, I’ve seen this tidal wave growing, and my best advice to software vendors is to be proactive. If you learn what to expect and how to answer different attestation requests, you’ll be ahead of many... READ MORE›

The digital innovations used by companies are making it easier for companies to improve their productivity. They also remove barriers for startups to enter new markets and make our everyday lives easier. However, the digital economy comes with challenges and risks. During the fifth installment of Veracode’s Cyber Second Podcast, Brian Fitzgerald, CMO at Veracode discusses the challenges... READ MORE›

Everyone knows security training is important. But many organizations struggle to make security training more effective. At Veracode, we’ve implemented several innovations to make our eLearning platform even more engaging, relevant, user-friendly and fun. Over the past five years, we have continued to add online courses to keep up with the changing climate of threats in the real world,... READ MORE›

If an industry continuously talks about how a trend is going to be a hurdle, it becomes a hurdle. Conversely, if an industry views the trend as an opportunity and talks about it in such terms, thinking shifts toward the potential this trend brings for improvement. We are seeing this phenomenon with DevOps, but not in a good way. Security professionals are talking about the hurdles of securing... READ MORE›

Have a great idea for the most effective way to make life easier for cyberthieves, especially those who are focused on ineffective app security. All you have to do is get one of the most powerful brands in computing to publicly declare a security deadline and then have it quietly withdraw that deadline on the eve of it being effective. For a terrific example of well this can undermine app... READ MORE›

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see”... READ MORE›

Third-party application security assurance is an essential part of a mature IT security program. While it’s true that every company today is a software company, the majority of applications within an enterprise’s application portfolio will be developed by third parties – often as off-the-shelf products.  A study by Quocirca found that the average enterprise has roughly 600... READ MORE›

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE›