|
By Brian Roche
AI coding assistants like GitHub Copilot are transforming the way developers write software, boosting productivity, and accelerating development cycles. However, while these tools generate code more efficiently, they also introduce new risks more efficiently—potentially embedding security vulnerabilities that could lead to severe breaches down the line. What is your plan for reducing risk from the vast amount of insecure code coming through agentic AI in software development?
|
By Michael Hughes
The Digital Operational Resilience Act (DORA) is a landmark regulation designed to enhance the digital resilience of financial institutions in the EU. Effective from January 17, 2025, DORA mandates the development and maintenance of a robust ICT risk management framework. Here’s an overview of the five pillars and how the right software security measures can help you comply.
|
By Alexandra Gobbi
The Latin “vera” indicates truth or reality. When Veracode was founded, this was the essence of our focus – finding truth in code. And specifically, binaries; hence the original brand rooted with the “01”. Seventeen years later, we remain committed to our vision – a World where software is developed secure from the start – but to do so today, we are expanding our view, solidifying our point of view, and modernizing how you see us.
|
By Jens Wessling
The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem.
|
By Brian Roche
How does the exponential advancement of technology impact the security landscape? It makes managing the fundamental risk of the technology, the software, exponentially more complex. From AI accelerating risky code production to cloud infrastructure increasing the attack surface, the world of application risk management is enduring a rapid transformation that needs immediate attention.
|
By Chris Wysopal
The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.
|
By Derek Maki
In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager.
|
By Donna Namorato
In our hyper-connected reality, software applications are the unsung heroes of business operations. But, let's face it, with great tech comes great vulnerability to cyber shakedowns and data leaks. This begs the question: “Is scanning enough to manage risk?” Organizations are playing a high-stakes game of keeping their apps secure to safeguard their secrets.
|
By Chris Wysopal
Organizations face an increasing number of software security threats that can compromise their sensitive data and disrupt business operations. To effectively manage these risks and enhance their security posture, it’s crucial for organizations to adopt modern application risk reduction strategies that not only mitigate potential vulnerabilities but also provide clear, actionable next steps and insights for reporting purposes.
|
By Robert Haynes
If you’re an avid reader of Application Security surveys, analyst papers, or incident reports, you may have concluded that the biggest issue most organizations have with application security is NOT finding the flaws in their codebase, but is, in fact, finding ways to remediate them while also creating new applications and updates, oh and keeping the lights on. Many organizations are drowning in security debt.
|
By Veracode
Software development is one of the most impacted workflows in the Artificial Intelligence revolution. How will you handle the AI-driven revolution in software development securely? Check out this video to see how our innovation can help you stop risks in AI and the software supply chain at the start.
|
By Veracode
Watch Veracode CEO Brian Roche on BBC's Talking Business as he discusses the evolving landscape of cybersecurity and how Veracode is leading the way in protecting digital infrastructures. Discover key insights into the challenges and solutions shaping our digital world today. Don't miss this in-depth look at the future of cybersecurity!
|
By Veracode
Build and scale secure software from code to cloud with speed and trust. Veracode’s Platform allows you to start fast and scale, enable real-time flaw remediation, and gain actionable visibility into your application risk.
|
By Veracode
Join our CEO, Brian Roche, and CTO, Chris Wysopal as they talk about Veracode's recent acquisition and more.
|
By Veracode
Are you ready to dive into the world of application security and artificial intelligence? Watch the exclusive talk by the renowned Julian Totzek Hallhuber, Solutions Architecture Manager at Veracode, during Mind the Sec 2023 in Brazil. In this engaging talk, Julian explores the advantages and disadvantages of using AI in the AppSec landscape and discovers how AI is revolutionizing the way we protect our applications from constantly evolving cyber threats.
|
By Veracode
Veracode co-founder Chris Wysopal joins host Brian Roche, Chief Product Officer of Veracode, in our inaugural video podcast, The Tech Evolution. In this episode Brian and Chris discuss the impact that artificial intelligence has on software development, and even more importantly, keeping software secure using this exciting new technology.
|
By Veracode
In this video, you will learn how to create, configure, and schedule an unauthenticated Dynamic Analysis. An unauthenticated Dynamic Analysis scan is appropriate when the site you are scanning does not require a login. Veracode Dynamic Analysis also supports the scanning of websites that require authentication, such as login via a web form, browser-based, or NTLM.
|
By Veracode
In this video, you will learn how to install the Veracode IntelliJ Plugin, generate API ID and key credentials in the Veracode platform, and store those credentials in IntelliJ. The Veracode IntelliJ Plugin enables you to upload binaries to the Veracode Platform for static security analysis. You can then review the scan results from within IntelliJ IDEA to identify and mitigate potential security findings in your applications.
|
By Veracode
Introducing Veracode Container Security - this new tool is now seamlessly integrated with the Continuous Software Security Platform. Veracode Container Security is a command line interface (CLI) tool that integrates into your pipeline with ease. This empowers developers to secure containers earlier in the software development life cycle, ensuring containers are built and deployed securely.
|
By Veracode
While shifting security left in your software development lifecycle is crucial to application security success, it's still imperative to maintain testing in the later stages of your process. After all, some web application vulnerabilities can only be discovered at that point in the SDLC.
|
By Veracode
With a comprehensive AppSec program, you want to understand your entire development, security, and application footprint so you can roll out consistent tools and processes. As a result, only a portion of your applications are covered, leaving vulnerabilities unprotected. And blind spots are clouding visibility into risk reduction efforts, making it difficult to report on progress throughout your organization.
|
By Veracode
Veracode Static Analysis provides fast, automated security feedback to developers; conducts a full policy scan before deployment; and gives clear guidance on what issues to focus on and how to fix them faster.
|
By Veracode
You want AppSec tools in your development process, but anything less than full integration undermines your program's effectiveness. Getting the right resources into developers' hands typically requires: tools, systems, and processes. Ongoing maintenance: Routine patches and upgrades can be time consuming-especially if you're supporting multiple geographies or teams-and may break your customizations.
|
By Veracode
In a world where time is money, companies are required to churn out software quickly or get left in the dust. To stay ahead of the market, developers are turning towards open source code, which - when secure - can be a valuable asset towards their efforts
|
By Veracode
Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But the severe cybersecurity talent shortage leads to: As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.
|
By Veracode
Veracode Security Labs shifts application security knowledge "left," earlier in the development cycle, through guided, interactive exercises that train developers to tackle modern threats in the evolving cybersecurity landscape and deliver secure code on time.
|
By Veracode
Today, most organizations are in a race to deliver new, innovative software before their competitors. In turn, they have gone from bi-annual software releases to daily, hourly, or even by-the-minute releases. To keep up with these rapid deployments, security has had to shift from being a late-stage blocker, to an integrated part of the development process. Developers have been doing their best to implement these security measures, but since their performance is often tied to the rate of deployments, speed tends to take precedence. As a security professional, what are some steps you can take so that security doesn't take a back seat to speed?
- February 2025 (4)
- January 2025 (2)
- December 2024 (1)
- November 2024 (3)
- October 2024 (3)
- September 2024 (7)
- August 2024 (2)
- July 2024 (7)
- June 2024 (9)
- May 2024 (5)
- April 2024 (6)
- March 2024 (7)
- February 2024 (6)
- January 2024 (7)
- December 2023 (8)
- November 2023 (8)
- October 2023 (4)
- September 2023 (9)
- August 2023 (4)
- July 2023 (4)
- June 2023 (7)
- May 2023 (5)
- April 2023 (3)
- March 2023 (5)
- February 2023 (4)
- January 2023 (7)
- December 2022 (3)
- November 2022 (9)
- October 2022 (11)
- September 2022 (9)
- August 2022 (9)
- July 2022 (8)
- June 2022 (3)
- May 2022 (7)
- April 2022 (8)
- March 2022 (7)
- February 2022 (8)
- January 2022 (2)
- December 2021 (11)
- November 2021 (9)
- October 2021 (3)
- September 2021 (7)
- August 2021 (5)
- July 2021 (7)
- June 2021 (20)
- May 2021 (15)
- April 2021 (26)
- March 2021 (13)
- February 2021 (11)
- January 2021 (11)
- December 2020 (19)
- November 2020 (7)
- October 2020 (14)
- September 2020 (13)
- August 2020 (19)
- July 2020 (15)
- June 2020 (7)
- May 2020 (7)
Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build, buy and assemble as well as the components they integrate into their environments.
Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.
The Veracode Solution:
- Overcoming DevSecOps Challenges: Innovating through software holds many promises but also bears risks. AppSec programs often struggle with the same problems:
- Some solutions are hard to manage and scale.
- Developers are not empowered to fix security issues.
- Security teams lack bandwidth to manage DevSecOps programs.
- Delivered Through SaaS: Our SaaS model delivers a better, more scalable service at a lower cost. Because we've analyzed over 10 trillion lines of code, Veracode is able to provide the fastest path to accuracy - without tuning. Our expertise is based on analyzing customer programs for over a decade.
- Application Analysis: Veracode simplifies AppSec programs by combining five application security analysis types in one solution, all integrated into the development pipeline.
- Developer Enablement: Most AppSec programs forget that there is only one team that can fix security findings: the development team. Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.
- AppSec Governance: AppSec programs can only be successful if all stakeholders value and support them. That’s why Veracode helps security teams to demonstrate the value of AppSec.
Manage Your Entire Application Security Program in a Single Platform.