Software supply chain security risks are mounting. As noted in Veracode’s State of Software Security (SoSS) report, organizations of all sizes are drowning in security debt, and a large portion of the critical debt can be attributed to third-party vulnerabilities.

AI coding assistants like GitHub Copilot are transforming the way developers write software, boosting productivity, and accelerating development cycles. However, while these tools generate code more efficiently, they also introduce new risks more efficiently—potentially embedding security vulnerabilities that could lead to severe breaches down the line. What is your plan for reducing risk from the vast amount of insecure code coming through agentic AI in software development?

The Digital Operational Resilience Act (DORA) is a landmark regulation designed to enhance the digital resilience of financial institutions in the EU. Effective from January 17, 2025, DORA mandates the development and maintenance of a robust ICT risk management framework. Here’s an overview of the five pillars and how the right software security measures can help you comply.

The Latin “vera” indicates truth or reality. When Veracode was founded, this was the essence of our focus – finding truth in code. And specifically, binaries; hence the original brand rooted with the “01”. Seventeen years later, we remain committed to our vision – a World where software is developed secure from the start – but to do so today, we are expanding our view, solidifying our point of view, and modernizing how you see us.

The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem.

How does the exponential advancement of technology impact the security landscape? It makes managing the fundamental risk of the technology, the software, exponentially more complex. From AI accelerating risky code production to cloud infrastructure increasing the attack surface, the world of application risk management is enduring a rapid transformation that needs immediate attention.

The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.

In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager.

In our hyper-connected reality, software applications are the unsung heroes of business operations. But, let's face it, with great tech comes great vulnerability to cyber shakedowns and data leaks. This begs the question: “Is scanning enough to manage risk?” Organizations are playing a high-stakes game of keeping their apps secure to safeguard their secrets.

Organizations face an increasing number of software security threats that can compromise their sensitive data and disrupt business operations. To effectively manage these risks and enhance their security posture, it’s crucial for organizations to adopt modern application risk reduction strategies that not only mitigate potential vulnerabilities but also provide clear, actionable next steps and insights for reporting purposes.