Fixing security findings in your code can be hard. Sometimes you need help from other developers who have solved these problems before. Veracode provides one-on-one time with ex-developers who can coach you through different approaches to address security findings. But sometimes, you don’t really…

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are…

Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate your organization’s current state, and also show what progress it’s making in achieving its objectives.  We…

Veracode’s RESTful APIs use Hash-based Message Authentication Code (HMAC) for authentication, which provides a significant security advantage over basic authentication methods that pass the username and password with every request. Passing credentials in the clear is not a recommended practice from…

Software supply chain security has arrived with Google’s Vendor Security Assessment Questionnaire (VSAQ)! Or has it? The web-based application released under an open-source license on GitHub contains the actual questionnaire Google uses to review its own software vendors' security practices…

On today’s webinar, “Web & Mobile Applications: The Silent Assassins in your Cyber Security Strategy”, we will discuss the evolution of the application security perimeter with Erik Peterson, Veracode’s Director of Product Strategy. Erik will highlight how mobile devices and web applications…