Many high-growth technology startups are pressured to deliver applications to market ahead of fast-moving competitors. It’s all too easy to allow a “we’ll get to that eventually” mentality to creep in when competing priorities appear to force a tradeoff with development velocity. This introduces unnecessary risks, but they can be mitigated by implementing an effective AppSec program that involves the right tools, processes, and mindset.

Veracode was recently recognized by the Commonwealth Institute and Boston Globe Magazine as a Top 100 Women-Led Business in Massachusetts. The honor, which was awarded to Veracode’s CEO, Sam King, is given to female leaders across multiple industries who are at the helm of Massachusetts’ most noteworthy companies. ​

The Open Web Application Security Project (aka OWASP) recently announced its latest updates to the venerable OWASP Top Ten list. This publication is meant to bring attention to the most common classes of software-related security issues facing developers and organizations in the hopes of helping them to better plan for and address potential high-severity issues in their codebases.

Hello, Clint Pollock, principal solutions architect here to explain how to use Veracode completely from a command prompt in your IDE or CI/CD system. I’m going to teach you how to submit a static policy scan and a static sandbox scan. Then, I’m going to clean up some builds using the API, submit a static pipeline scan, a software composition analysis scan, and a dynamic scan … all from the command prompt. Let's get started!

We recently spoke with Amy Berman, Security Strategic Operations Lead at MongoDB about the role of security champions at her organization. For those new to the concept, security champions are developers that have an interest in security and can facilitate collaboration between development and security teams.

It’s always important to take a pause to evaluate your software security – and what better time to do that than during Cybersecurity Awareness Month? To help get you thinking, we’ve compiled a list of cybersecurity trends that are happening now and will likely continue throughout the next several years. 1. Ubiquitous Connectivity: We are quickly moving to a world where everyone and everything is connected. Most software is internet-connected, as are most devices.

Chris Wysopal, Veracode Chief Technology Officer and Co-Founder, recently sat down to discuss the open source supply chain attack on the popular npm repository. Below is the transcript and corresponding video of his reaction. Just a few days ago, we saw a classic open source supply chain attack where someone modified a JavaScript library, UA-Parser-JS, which is in the npm repository.