Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The modern approach to application security includes strategies and technologies that help development teams prioritize the vulnerabilities they should address and fix. By giving these teams tools that efficiently identify security vulnerabilities that present the biggest risk, they can address them as quickly as possible. Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite, got together for a fireside chat to discuss how to implement these strategies.

When it comes to protecting software, don’t count on automated testing to find all the vulnerabilities in your code. Here’s why manual penetration testing is more essential (and more accessible) than one might think.

This is the fourth of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. Be sure to look out for our upcoming blogs on each of the five principles. With new headlines every day about organizations that have been targeted by cyberattackers, it’s not surprising that 75 percent of organizations assume they’re likely to have a breach in the next three years.

Government agencies are instructed by Executive Order to improve the delivery of digital services to citizens while also safeguarding critical data and systems. Often, this leads to a difficult decision between speed of application production and software security. However, as recent events have shown, sacrificing security in the name of speed compromises the safety of citizens and government infrastructure.

OpenSSL released version 3.0.7 with security fixes for High Severity vulnerabilities CVE-2022-3786 & CVE-2022-3602 discussed here. Here's how to know if you're affected and what to do if you are.

Building trust in government is both my passion and part of my character. Last year, when I found myself contemplating my next career move, I knew that I wanted to be at an innovative company devoted to rebuilding trust in federal agencies. It didn’t take long for me to realize that Veracode and I were a perfect fit. Immediately I saw how the company’s mission and innovative application-security technology aligned with my values.

Throughout my career, I’ve seen a lot of change in the realm of cybersecurity. Whether in private- or public-sectors, from pre- to post-pandemic, I’ve witnessed the struggles of agencies coming to terms with digital transformation and cybersecurity. What I’ve found is that federal agencies are expected to keep pace with their civilian counterparts while abiding by mandates to add an extra layer of security to digital operations.