Technology is a double-edged sword. On one hand, it can make new experiences possible and elevate productivity. On the other hand, it introduces new threats and attack vectors; and it can widen the gap even further between our ability to produce software and our ability to secure it. Getting faster at creating and finding security flaws does not make us faster at fixing them; data shows us that one in four vulnerabilities remain open well over a year after first discovery.

Application security is about so much more than scanning. The Velocity Partner Program aligns Veracode and our Partners as together we deliver application security solutions and services that enable customers to build a secure DevOps program. The Velocity Partner Program empowers our partners in their trusted advisor role to address key security requirements and business challenges customers are facing throughout their application security journey.

In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.

Staying ahead of the cyberattack curve in a constantly evolving world requires a comprehensive strategy. Today's release of the Biden-Harris Administration's National Cybersecurity Strategy provides an extensive roadmap for impacting both public and private security efforts. In this blog post, we’ll take an in-depth look at three of the most software-related strategic objectives: software liability, open-source software usage, and cybersecurity workforce readiness.