Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Here’s what you need to know about the progression of the Polyfill supply chain attack and how to respond.

As Chief Information Security Officers (CISOs), it's crucial to manage risks in a holistic and consolidated manner as the landscape of threats, particularly those targeting applications, continues to evolve and expand. With the increasing reliance on digital technologies, artificial intelligence (AI), and cloud-based services, the attack surface for potential cyber threats is growing and changing.

Veracode Scan for VS Code was one of the big hits on the expo floor at the RSA Security conference in May this year. People liked the integration of Veracode Static, Veracode SCA, and Veracode Fix into a single extension, giving developers the tools to scan their code and resolve problems with AI assistance while they are actively developing code.

In the rapidly evolving digital landscape, the maturity of an organization's Application Security (AppSec) program is not just beneficial; it's imperative for resilience at scale and reducing security debt accumulation. Since software is increasingly central to business operations, the need for robust AppSec programs has never been more critical. Here’s a guide to understanding the various stages of AppSec maturity and how to evolve through them for effective risk management.

Cyberattacks are a growing threat, making it crucial for us to understand the tools and techniques available to secure applications. Today, we dive into the differences and similarities between Dynamic Application Security Testing (DAST) and Penetration Testing with insights from a Veracode industry expert and certified penetration tester, Florian Walter. DAST is an automated technique designed to identify security vulnerabilities in web applications and APIs during runtime.

In the rapidly evolving landscape of technology, the fusion of Artificial Intelligence (AI) and cybersecurity is creating both exciting opportunities and formidable challenges. The recent breakfast briefing on the historic HMS Belfast served as a critical forum for industry leaders to explore these issues in depth.

The world is quickly seeing the rise of AI powered customer service. The conversational agent chatbots enhance the customer experience but also introduce a new attack vector. Here's what you need to know about strengthening AI chatbot defenses. Many AI driven technologies have access to vast data sources and access to functions that assist users. AI chatbots can be used in many ways such as answering questions about an item in stock, help develop code, to helping users reset their password.

Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. DevSecOps, security practices integrated in DevOps, represents an advanced practice where the choice of tools is crucial for maximum risk reduction.

Years of accumulated security debt due to unaddressed software vulnerabilities and inadequate security configurations plague the applications that support our government functions. The age and size of applications play a significant role in the accumulation of security debt. The State of Software Security 2024 report provides a detailed analysis of how these factors correlate with security vulnerabilities, particularly in older and larger applications.