
Beyond the Basics: Advanced Features in Application Security Testing Software

The landscape of application development is moving faster than ever, driven by AI and cloud-native technologies. While this rapid innovation creates opportunity, it also expands the attack surface, making robust security non-negotiable. As a security leader, you understand that effective application security testing software is the foundation of a strong defense. But in the face of escalating threats, are the basic tools still enough?

UK Cyber Security Bill: A Mandate for Resilience

The UK government has introduced its Cyber Security and Resilience Bill to parliament, signaling a significant update to the nation’s cybersecurity framework. The legislation aims to modernize and strengthen the existing Network and Information Systems (NIS) Regulations 2018, preparing the UK to defend against a new generation of digital threats. This bill is more than a regulatory update; it is a clear call for businesses to embed proactive security and resilience into their core operations.

GPT5 Pulls Ahead on Secure Code While Rivals Stall

AI coding assistants are evolving quickly. But are the latest models any better at writing secure code? Our October 2025 analysis brings fresh data on how newer large language models (LLMs) stack up against their predecessors, and the results reveal both progress and persistent gaps. This update builds on our July 2025 GenAI Code Security Report, which tested over 100 LLMs across four major programming languages.

When AI writes code, who fixes the flaws?

Veracode's Chief Security Evangelist Chris Wysopal on AI's Coding Secret: 45% of Code Has Vulnerabilities. Chris Wysopal (aka @WeldPond), a veteran in application security and former member of the legendary L0pht hacker group, shares practical insights on shifting security left while embracing AI-powered development. Whether you're a CISO, AppSec leader, or developer using Copilot/GitHub Copilot, Claude, or other AI coding assistants, this discussion will change how you think about secure AI adoption.

Beyond Your Code: A Guide to Software Supply Chain Risk Management

The code your team writes is only a fraction of what ends up in your final product. For many teams, the majority is open-source code from third-party packages. This reliance on external dependencies creates a complex software supply chain, and each link in that chain is a potential entry point for attackers.

Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages

The package states it is for the GitHub Actions Toolkit, which has a legitimate npm package @actions/artifact. Therefore this malware package is a clear typosquat with the swapping of the letters “ti” for “it”. We took a look at the “harness” binary as indicated in version 4.0.13.

From Detection to Protection: A Look at End-to-End AppSec Solutions

Modern application development moves at an incredible pace, but this speed often creates a gap between innovation and security. Effective AppSec Solutions close this gap by shifting security from a reactive bottleneck to a proactive, integrated part of the entire software development lifecycle (SDLC). This end-to-end approach doesn’t just detect flaws; it provides a unified framework to manage and reduce risk from the first line of code to the final cloud deployment.

DevSecOps Best Practices: How to Integrate Security into Your DevOps Pipeline

DevOps and security teams often operate with conflicting goals: one pushes for speed, the other for safety. This friction creates bottlenecks, slows innovation, and builds security debt. But what if you could align these functions with a clear, actionable framework? Instead of just talking about “shifting left,” you could implement a structured process that embeds security into every stage of development: DevSecOps best practices.