You don't need to be an expert to know that hacks, attacks and other digital security breaches are never a good thing. But one industry's annoyance is another industry's nightmare — and if you've read Veracode's "State of Software Security Report, Volume 6," then you know that most common security…

In some ways, all injection attacks are the same. The hacker puts code in some form of user input field, attempting to trick the machines on the other end into granting information or access they shouldn't. If successful, the hacker then uses these ill-gotten gains to carry out damaging attacks…

If you've read the existing pieces in Veracode's "Addressing the Scalability Challenge" series (a collection of blog posts spurred by a whitepaper of the same title), then you know that scaling your security efforts can be a challenge. The threatscape businesses face is larger than ever, and it…

There's a reason DevOps culture values effective communication and collaboration so highly. In an industry where distributed offices full of crucial roles are the norm — and one where even departments within the same buildings tend to distrust one another — any improvement in the way people…

In some ways, dealing with problems caused by insecure third-party code is harder than resolving internal development issues. By default, you have less direct control over a vendor's actions when a security issue is discovered, making it difficult ensure that the issue is remediated. There are…

The fact that communication is a vital aspect of successful third-party relationships is obvious. ("You mean to tell me I have to talk to the companies producing my code? Jeez, next you'll say I have to give them money or something!") That said, simple statements can hold a lot of meaning, and woe…