Building trust in government is both my passion and part of my character. Last year, when I found myself contemplating my next career move, I knew that I wanted to be at an innovative company devoted to rebuilding trust in federal agencies. It didn’t take long for me to realize that Veracode and I were a perfect fit. Immediately I saw how the company’s mission and innovative application-security technology aligned with my values.

Throughout my career, I’ve seen a lot of change in the realm of cybersecurity. Whether in private- or public-sectors, from pre- to post-pandemic, I’ve witnessed the struggles of agencies coming to terms with digital transformation and cybersecurity. What I’ve found is that federal agencies are expected to keep pace with their civilian counterparts while abiding by mandates to add an extra layer of security to digital operations.

Documenting flaws that you don't prioritize today will save you time should they become high-severity flaws in the future. Here's the best way to approach them. The topic of mitigations is a commonplace source of questions and discussion for our Application Security Consulting group.

This is the second of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. Be sure to look out for our upcoming blogs on each of the five principles. It’s no exaggeration to say that IT and application security teams from all organizations are facing a perfect storm.

In 2021, manufacturing became cybercriminals’ most targeted industry as a surge in global ransomware attacks disrupted manufacturing operations and exacerbated supply chain woes. This put even more pressure on manufacturing organizations that were already feeling the heat. Recognizing that ransomware attacks can stem back to software vulnerabilities, many manufacturers are exploring ways to strengthen their software security programs.

If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple to implement, scale, and verify. Product and AppSec teams know that great security policies empower teams to work autonomously so that work moves forward as it should. However, validating that your security policies are actually implemented is difficult.

As head of the product department at Azalea Health, I need to understand what our market needs. Based on the conversations that we've had with hospitals and clinics, enterprise-grade security is something they desperately need but rightfully expect their EHR system to provide. That’s why it’s important for our organization to take the responsibility of securing health data off their shoulders.

It’s that time of year again: October is Cybersecurity Awareness Month. At the very least, it serves as an annual reminder to check your security posture, both at work and at home. But I figured that it also might be a good time to take a closer look at more specific topics over the course of the month. I will do my best to stay out of the weeds, but this is important for all of us to be aware of.

This is the first of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. Be sure to look out for our upcoming blogs on each of the five principles. The COVID-19 pandemic accelerated the digitalization plans for global organizations by three years, while the adoption rate for digitized products and services increased by seven years.

Security is the biggest threat facing organizations that strive for faster software delivery. Organizations are witnessing increasing attacks due to application code gaps and security weaknesses. According to a Forrester report, software security flaws accounted for cyberattacks in about 47% of organizations.

A recent report suggests that 700,000 new cybersecurity professionals have joined the market since 2020. But still, we are nowhere near closing the talent gap. LinkedIn shows only about +3k people with the "Application Security Engineer" job title. Let's dive into the world of application security.

When it comes to building secure cloud-native applications, the baseline is choosing a secure container image. Docker defines a container as “a standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another.” The problem is, they’re often a pain point for many developers.

Snyk, the leader in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer’: Application Security Testing. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding overall rating, user interest, and adoption.

October is Cybersecurity Awareness Month, established back in 2004 by the Office of the U.S. President and the U.S. congress. Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), the initiative helps both individuals and enterprises make smarter, more informed security decisions.

It’s 2022 and as we all know, the world is a very different place. However, one thing that has not changed is the importance of cybersecurity. In fact, it’s more important now than ever before, as the SolarWinds hack and Executive Order prove. That’s why for Cybersecurity Awareness Month this year, we asked cybersecurity pioneers and leaders to get their insights on staying cyber safe. Here are their thoughts on CISA’s 4 Things You Can Do to See Yourself in Cyber.

We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s when we realized: modern application security programs are different. They run on CODEfidence. Let me explain.

The reason organizations are embracing cloud-native development is clear: AWS reports those who migrated saw an average of 20% infrastructure cost savings and 66% increase in administrator productivity. Moving your development process to the cloud offers these benefits and many others, but it also offers a whole new set of security challenges. This series is aimed at helping developers create secure infrastructure for modern, cloud-native applications.

The Broadway Tower in Worcestershire, England is a famous structure. It’s inspiring, beautiful, and at 62 feet high, like other similar buildings, it’s a folly. While it looks grand inside and out, it serves no purpose than to be a decoration. It’s all too easy to buy a set of policies and procedures, change the company name and some other details, then present it as an application development and security program.