If you're in a business that handles credit cards, you already know how crucial it is to keep that data secure. PCI DSS is a set of compliance requirements that ensure all companies handling cardholder data keep it secure. And that it's not just a good idea—it's a must. As cyber threats become more sophisticated, it's challenging to keep pace with complex security and compliance landscapes.

Years of accumulated security debt due to unaddressed software vulnerabilities and inadequate security configurations plague the applications that support our government functions. The age and size of applications play a significant role in the accumulation of security debt. The State of Software Security 2024 report provides a detailed analysis of how these factors correlate with security vulnerabilities, particularly in older and larger applications.

RSA Conference 2024 brought together industry experts, practitioners, and policymakers to discuss the latest trends and challenges in cybersecurity. We showcased our commitment to CISA's Secure by Design, explored the potential of AI in risk management, and emphasized the significance of global collaboration. Here are some highlights from our time at RSA Conference, providing insights into the discussions and announcements that shape the future of cybersecurity.

In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application's defenses in response to actual attacks.

Are you looking to catch up on the latest in AI and cloud-native Application Security at RSAC 2024? Veracode is hosting a series of talks at our booth along with a series of programs at The W San Francisco. Here are all the details.

We’re excited to bring you two significant updates to Veracode Fix: our AI-powered security flaw remediation tool. Since we launched Fix nearly a year ago, two requests have dominated our customer feedback: We recently launched a new version of Veracode Scan for VS Code that included Fix (with more IDE’s to follow), which answered some of those requests, and now we’re updating Fix to cover more languages and a new mode that will automatically apply the top-ranked fix.

Traditional methods of flaw remediation are not equipped with the technology to keep pace with the rapid evolution of code generation practices, leaving developers incapable of managing burdensome and overwhelming security debt. Code security is still a critical concern in software development. For instance, when GitHub Copilot generated 435 code snippets, almost 36% of them had security weaknesses, regardless of the programming language.

Software development teams face a constant dilemma: striking the right balance between speed and security. How is artificial intelligence (AI) impacting this dilemma? With the increasing use of AI in the development process, it's essential to understand the risks involved and how we can maintain a secure environment without compromising on speed. Let’s dive in.

As I travel around the world meeting with customers and prospects, we often discuss the tectonic shifts happening in the industry. At the heart of their strategic initiatives, organizations are striving to innovate rapidly and deliver customer value with uncompromising quality and security, while gaining a competitive edge in the market.

The US National Institute of Standards and Technology (NIST) has almost completely stopped analyzing new vulnerabilities (CVEs) listed in its National Vulnerability Database (NVD). Through the first six weeks of 2024, NIST analyzed over 3,500 CVEs with only 34 CVEs awaiting analysis.1 Since February 13th, however, nearly half (48%) of the 7,200 CVEs received this year by the NVD are still awaiting analysis.2 The number of CVEs analyzed has dropped nearly 80% to less than 750 CVEs analyzed.