State of Software Security: Peer Benchmarking to Evolve Your AppSec Program

Metrics are essential to understanding any AppSec Program. In addition to measuring performance against internal objectives, benchmarking across peers can be a powerful way to inform program strategy. Veracode customers across different industries are applying data from Veracode’s State of Software Security (SoSS) report to drive maturity, engage developers, build executive support, and procure additional resources as they evolve their programs. Join this webinar to gain insight into how some Veracode customers are leveraging SoSS data, and next steps you can take to get your organization’s own SoSS comparison from Veracode.
Recorded Dec 4 2019 26 mins
Presented by
Annie Znamierowski, Sr Security Program Mgr, Veracode

  • DevSecOps - Secure Your Applications at the Speed of DevOps Jun 2 2020 9:00 am UTC 45 mins
    Nabil Bousselham | Solution Architect at Veracode
    Just when you think cyberthreats cannot become critical, they get worse.
    Cyberattacks have doubled over the past 12 months. It is not only the cyber risks that endanger your resources; the effort needed to remediate them will also exhaust them. It is therefore important today to adopt the strategies, policies and processes of DevSecOps.

    Veracode states that cloud-native technologies help developers reduce the time needed to eliminate security flaws. Gartner indicates that, by 2022, organizations that use cloud infrastructure to automate protection and security will suffer 60% fewer security incidents. DevSecOps teams that work this way will resolve security issues three times faster.
    But how? Join Nabil Bousselham, Solutions Architect EMEA at Veracode, who will show you in practice what DevSecOps means, as well as the steps needed to achieve fast and effective results.
    In this webinar, you will learn:

    How to launch and establish a DevSecOps program in-house
    The quick wins that will strengthen your security posture within a few weeks
    How to place security analysis in CI/CD pipelines
    Where you should focus resources to get results
    How to develop a good company culture for producing secure code
  • A Security Pro in Developers Clothing May 20 2020 2:00 pm UTC 45 mins
    Ryan O'Boyle | Security Architect at Veracode
    Security teams and development teams share the goal of producing secure products, but they aren’t well informed about dev tools and processes.

    Ryan O’Boyle of Veracode will share practical, how-to tips for security teams to provide developers with visibility into security issues early and often, and to build tools and libraries that enable developers to move fast but securely.
  • Panel - Debunking the AppSec Silver Bullet Myth with Veracode & HackerOne May 13 2020 10:00 am UTC 60 mins
    Paul Farrington, Laurie Mercer, Chris Kirsch, James Kettle
    There is no AppSec silver bullet. All application security scans – static analysis, dynamic analysis, penetration tests, bug bounties, etc. – have a role to play, and they all work together to fully secure your application layer.

    Join Veracode and HackerOne for a virtual meetup to learn about the strengths and weaknesses of different scan types as well as best practices and practical advice for building or maturing an application security program.

    Key takeaways
    The strengths and weaknesses of the different AppSec analysis types
    Knowing about your risks means you can mitigate against them
    Security is better achieved together

    We will be giving away £10/€10 Uber Eats vouchers to the first 50 registrants for this virtual panel, so you can lunch whilst you watch.

    Help shape the conversation by completing this survey - https://ayandachiwuta.typeform.com/to/Uz45IT

    Panel Speakers
    Chris Kirsch, Director Product Marketing, Veracode - Moderator
    Paul Farrington, EMEA CTO, Veracode – Panelist
    Laurie Mercer, Security Engineer, HackerOne - Panelist
    James Kettle, Director of Research, Hacker, PortSwigger Web Security - Panelist
  • The Right Analysis, in the Right Place and at the Right Time. Apr 29 2020 9:00 am UTC 60 mins
    Antonio Reche, Solutions Architect, Veracode
    How are you integrating security into the development process? Can you test security without slowing down the development process? We want to hear about your experiences and share our new initiatives for addressing this challenge.

    We recently introduced our new Static Analysis product family, which combines our existing static scans with the new Pipeline Scan. Veracode Static Analysis now includes IDE Scan, which helps developers prevent new flaws as they code; Pipeline Scan, which provides integrated, immediate analysis so that production does not stop; and Policy Scan for reporting against security and audit requirements.

    Join us for this interactive workshop: we want to hear your challenges, answer your questions and show you our latest technology and how you can address your application security problems. In this workshop, you will get:

    • Detailed knowledge of our new Pipeline Scan
    • Information on how Veracode Static Analysis can help you protect your application pipelines
    • An understanding of the value of fast security analysis in the IDE
    • Details on how Veracode Static Analysis can help with meeting security policies and their reporting.
  • Creating a Bridge Between Development and Security Apr 28 2020 1:00 pm UTC 45 mins
    Chris Kirsch | Director, Product Marketing at Veracode
    As security testing has "shifted left," the roles of and relationship between the security and development teams have changed. In the past, security testing was solely in the realm of the security team. Today, that responsibility has shifted to the development team, with the security team taking on more of an oversight role. With this shift, each team has to develop new skills, take on new processes, gain new understanding, and build new relationships.

    Join this session to learn:

    What security professionals today need to know about modern software development
    The best practices for building trust between security and development teams
    How to integrate security scanning into the development pipeline in a way that both decreases risk and increases productivity
  • Hands-On Training to Bring AppSec Expertise to the Start of the Dev Cycle Apr 23 2020 12:00 pm UTC 60 mins
    Nabil Bousselham, Principal Solutions Architect
    Deploying software quickly and securely means practicing "shift left" to include security from the start of the development cycle, and thereby reducing the risk of possible setbacks along the way. Veracode Security Labs contributes to this shift by ensuring that developers complete the training module and are ready to fix security flaws faster and produce better code from the start of the project. Security Labs is more effective than an e-learning program. In particular, it offers hands-on experience that builds valuable skills using real applications. In addition, this powerful tool helps teams meet compliance requirements, such as PCI, that involve ongoing AppSec training.
    This hands-on, personalized and comprehensive training establishes the secure coding best practices that developers will apply in their future projects. That means faster deployment and less risk for your business.

    Join this workshop for an introduction to Security Labs that will cover:

    An introduction to the Security Labs module and a live demonstration of the platform
    How Security Labs can help you satisfy compliance requirements
    How to define required modules and deadlines, and track the team's progress
  • Shift Application Security Knowledge Left to Deliver Secure Code On Time Apr 21 2020 2:00 pm UTC 45 mins
    Fletcher Heisler | Director, Developer Enablement at Veracode
    When it comes to software, developers are really the only ones in an organization who can fix the vulnerabilities in their code. Yet in many cases they don’t have the training needed to identify and remediate vulnerabilities, or to code securely enough to reduce the number of vulnerabilities found in production. In addition, security teams often don't have the bandwidth or expertise to teach them. The result is an ever-growing mountain of security debt.

    Join product experts from Veracode who will share strategies on how to bridge the gap between development and security including:

    Creating opportunities for real-world remediation skills for modern threats,
    Designing developer training programs specifically to meet compliance requirements,
    Deploying relevant and customized developer training at the speed of DevSecOps.
  • Taking a Holistic Approach to Understanding & Managing Your Information Risk Apr 15 2020 6:00 pm UTC 60 mins
    Carol Rogert, Security Program Manager, Veracode and Joe Vadakkan, Global Practice Leader, Cloud Security, Optiv
    How does a business create and scale an effective, comprehensive security program? For most IT organizations, there are an unwieldy number of security solutions to evaluate, onboard, and ultimately manage. Join services and implementation experts from Veracode and Optiv as they discuss the benefits of taking a holistic approach to assessing and managing information risk across an organization. During this webinar they will share perspectives and best practices drawn from their experiences onboarding security solutions for customers. They will trace the evolution of both network security and application security and discuss the critical role of both in developing and implementing a risk management strategy that addresses compliance and regulatory requirements while protecting customer trust and brand equity.
  • Application Security Virtual Roadshow: Best Practices vs Practicality Recorded: Apr 7 2020 60 mins
    Panelists: Chris Wysopal, Veracode; Casey Ellis, Bugcrowd; John Steven, ZeroNorth; Luis Jimenez, Optiv
    Establishing an application security program is an ongoing process – there are always steps you can take to improve your program. Join us for our virtual roadshow where Veracode CTO, Chris Wysopal, will be teaming up with Bugcrowd CTO, Casey Ellis, ZeroNorth CTO, John Steven and Optiv Director of Threat Management, Luis Jimenez for a one-hour panel discussion on best practices for maturing your AppSec program. And, if you’re just starting your AppSec journey, our experts will also be providing some practical first steps you can take that will prepare your AppSec program for improvements in the future.
  • How to Accelerate Open Source Adoption, Not Open Source Risk Recorded: Mar 26 2020 39 mins
    Brittany O'Shea, Product Marketing Manager at Veracode
    In a recent blinded survey by Red Hat of more than 950 global IT leaders, 69 percent said Open Source Software was very or extremely important to the organisation’s overall enterprise infrastructure software plans. With the advantages of speed, agility, and cost-reduction, open-source software libraries are here to stay.

    However, the delineated ownership in open source development can introduce new and sometimes dangerous software risks to an enterprise. It’s vital to have a strategy and framework in place to manage open source libraries and components. Otherwise, the road to digital transformation will likely be paved with frustrations, problems, and even failures.

    Open source software risks revolve around three key areas: visibility, security, and governance.

    In this session we will help you understand these factors and how to formulate a stronger cybersecurity strategy that protects you from open source risk.
  • Deep-dive on Veracode Static Analysis Pipeline Scan Recorded: Mar 25 2020 47 mins
    Brittany O'Shea, Product Marketing Manager, Veracode
    The pace of modern software development continues to accelerate. To confidently ship secure software on time, you need the right scan, at the right time, in the right place. Veracode Static Analysis provides scans that are optimized for when they are leveraged in the SDLC. Our new Pipeline Scan—the first of its kind in the market—delivers rapid feedback to developers—on every build.

    We designed the Pipeline Scan to meet the needs of DevOps engineers; it was shaped by the experiences of EA customers who commit code hundreds to thousands of times a day across their organizations. This new scan integrates into the CI pipeline to offer test results each time code is committed. Teams can break the build if policy-violating flaws are introduced on a commit or net-new security issues are found. Because this scan is performed in-line with existing CI tooling, there is no learning curve for development teams.

    Join us for this deep-dive into the capabilities of this new scan type and learn how you can start using it to enable your developers and advance your AppSec program.
  • Panel Discussion - AppSec in Practice: The View From the Front Lines Recorded: Mar 12 2020 47 mins
    Chris Kirsch, Arun Vohra, Michael Man & Stewart Dawson
    Join this panel discussion between a security expert, a Veracode security program manager, and a Veracode customer to get a true picture of implementing and growing an AppSec program. We’ll discuss the triumphs, pitfalls, and lessons learned from real-world AppSec initiatives.

    Presented by...

    Chris Kirsch | Director, Product Marketing at Veracode

    Chris works on product strategy at Veracode and has 23 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

    Arun Vohra | Services Strategy and Product Manager at Veracode

    Arun comes from a background in IT Risk and Assurance (KPMG), along with technical/management consulting experience in large scale IT Transformation programs (Accenture). Arun also leads Veracode’s Program Management function in EMEA and APAC, helping Veracode’s customers define and execute successful AppSec programs.

    Michael Man | DevSecOps Consultant

    Michael has over 20 years of experience within the IT security industry, helping large enterprises be secure while complying with regulations, such as PCI DSS, and factoring security into modern development practices.

    He is the founder and organiser of one of the largest community meetups, "DevSecOps - London Gathering", and has co-organised the conference "DevSecOps Days London".

    Stewart Dawson | Global Security Architect at Veracode Customer (Financial Services)

    Stewart is an Enterprise Security Architect at a global financial services company. Prior to his current role, Stewart spent approx. 20 years working in Software Development, across a variety of roles and technologies. He specialises in Application Security and works with internal Development teams to help ensure that security is built into their products.
  • Fix What You Find With Developer Engagement Recorded: Mar 12 2020 42 mins
    John Smith | Director, Solution Architects at Veracode
    AppSec programs fail when developers are not engaged or empowered to fix vulnerabilities and security teams are only incentivized to find vulnerabilities but not to fix them. Too often, security teams dictate rather than partner with development teams and have unrealistic expectations. The result is a strained relationship between security and development.

    Join this session to learn:
    • How to help developers fix the security findings
    • How to work with developers to reduce the introduction of new security flaws
    • How to develop a security champions program
  • AppSec Beyond Technology Recorded: Mar 12 2020 46 mins
    Arun Vohra | Services Strategy and Product Manager at Veracode
    Technology alone cannot solve your AppSec challenges; you need to keep people and processes in mind as well. Effective AppSec programs get stakeholders aligned on the vision and execute on a roadmap for the program. But this is easier said than done. Join this session to learn:

    • How to define a program that achieves your goals, which may include risk reduction as well as compliance with internal policies, contractual requirements, laws and regulations.
    • How to scale your AppSec program.
    • How to use metrics to sell the value of AppSec to stakeholders as diverse as senior leadership, developers, and customers.
  • Debunking the AppSec Silver Bullet Myth Recorded: Mar 12 2020 36 mins
    Brittany O'Shea | Product Marketing Manager at Veracode
    There is no AppSec silver bullet. Each analysis type – static analysis, dynamic analysis, software composition analysis, interactive analysis, and penetration testing – has a role to play, and they all work together to fully secure your application layer. The different analysis types have different strengths in finding security issues, and they lend themselves to different stages of the SDLC.
    For instance, we recommend that you shift left to catch issues as early as possible because they are cheaper to fix. However, when scanning only parts of the application, you don’t have the full scope of the application. It’s like providing feedback on one chapter of a book without knowing the other chapters. You can provide feedback if it makes sense, but you can’t assess it in the context of all of the other chapters. The same is true for application security. That’s why you need to scan parts early but also scan when the application is fully assembled.

    Join this session to find out:
    • The strengths and weaknesses of the different AppSec analysis types
    • Where each analysis type fits in the SDLC
    • Why pipeline integrations are critical
  • DevSecOps Done Right Recorded: Mar 12 2020 47 mins
    Paul Farrington | CTO at Veracode
    Application security is not a one-and-done project, and there is no AppSec silver bullet. Application security is an ongoing program that assesses software at different stages of the development lifecycle in different ways. In this way, DevOps becomes DevSecOps. However, there are a few common obstacles that often hinder AppSec progress. Tune into this session to learn how to overcome the following:

    • Developers not empowered to fix what they find
    • AppSec solutions that are hard to manage and scale
    • Security teams with limited bandwidth to manage an AppSec program
  • Introducing the Next Generation of Veracode Static Analysis Recorded: Mar 5 2020 36 mins
    Brittany O'Shea, Product Marketing Manager, Veracode
    The right scan, at the right time, in the right place.

    To meet the demands of modern software development, application security scans must be fast and they must be accurate. For companies that innovate through software, effectively managing application security risk requires the right scan, at the right time, in the right place. In response to our customers’ adoption of DevSecOps practices, we have introduced the next generation of Veracode Static Analysis. Built on our SaaS platform, the Veracode Static Analysis product family now includes three different scan types: an IDE Scan that provides focused, real-time feedback to developers as they code; a first-in-market Pipeline Scan that runs on every build, providing feedback on the code at the team level; and a Policy Scan that provides a full evaluation of an application against security policy before releasing it. Join us to learn how these three scans work together to strengthen application security programs.
  • Veracode Static Analysis: The Right Scan, at the Right Time Recorded: Mar 5 2020 29 mins
    Brittany O'Shea, Product Marketing Manager at Veracode
    In a recent study conducted by GitHub of more than 4,000 global developers, 43% of developers report they deploy on-demand or multiple times a day, and nearly the same percentage, 41%, deploy between once a day and once a month. To meet the demands of modern software development, application security must be fast, and it must be accurate. Traditional Static Analysis tools run by security teams late in the testing phase no longer meet the needs of organizations.

    Effective management of application security risk requires the right scan, at the right time, in the right place. In response to our customers’ adoption of DevSecOps practices, we have introduced the new Veracode Static Analysis. Built on our SaaS platform, the Veracode Static Analysis product family now includes three different scan types: the IDE Scan provides focused, real-time feedback to developers as they code; the first-in-market Pipeline Scan runs on every build, providing feedback on the code at the team level; and the Policy Scan provides a full evaluation of applications against security policy before releasing the software.

    Join us to learn how these three scans work together to strengthen your application security program.
  • 10 Years Up – The State of Software Security Recorded: Jan 30 2020 45 mins
    Paul Farrington, CTO at Veracode
    For ten years, Veracode has been tracking the State of Software Security. In our 10th anniversary study, we confirm that teams are making a huge difference in reducing security debt. This webinar looks at some of the familiar challenges facing developers, but offers real reasons for optimism. We started Veracode with a mission to secure the world’s software. Today, that mission remains, with the added focus of enabling you to create, innovate, and “change the world” with software, without being held back by security concerns.

    In this webinar:

    - Learn about the security reality facing application owners - most applications fall short of industry standards
    - See which languages are the worst security offenders
    - Observe which flaws are the most prevalent, how frequently they are fixed, how they are exploited and which categories lead to the most incidents
    - Understand how teams are able to reach a 5x reduction in security debt
    - Gain insights into how developers are able to reduce the 'mean time to remediation' (MTTR) rate by over 70%
  • 10 Years of the State of Software Security Recorded: Jan 23 2020 42 mins
    Julian Totzek-Hallhuber, Solution Architect at Veracode
    For 10 years, Veracode has been tracking the state of software security. In our 10th anniversary edition, we confirm that teams can make a big difference in reducing security flaws. This webinar looks at the familiar challenges facing developers, but also offers real reasons for optimism. We founded Veracode with the mission of securing the world's software. That mission still holds today, with the added focus of enabling you to innovate and change the world with software, without being held back by security concerns.

    In this webinar
    Learn about the security reality facing application providers - most applications do not meet industry standards
    See which languages are the worst security offenders
    Find out which flaws occur most often, how frequently they are fixed, how they are exploited and which categories lead to the most incidents
    Understand how teams are able to reduce security flaws fivefold
    Gain insights into how developers can reduce the mean time to remediation (MTTR) by over 70%.
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: State of Software Security: Peer Benchmarking to Evolve Your AppSec Program
  • Live at: Dec 4 2019 4:00 pm
  • Presented by: Annie Znamierowski, Sr Security Program Mgr, Veracode