Veracode

Stay Ahead of Security Threats! Discover the critical details about the polyfill supply chain attack below. Learn how immediate actions, like removing references to polyfill.io in your code, can prevent potential breaches. On June 27th, Sansec updated the disclosure and said: “Cloudflare has implemented real-time rewrites of cdn.polyfill.io to their own version. A little later, Namecheap has put the domain on hold altogether, which eliminates the risk for now. However, you are still recommended to remove any polyfill.io references in your code.” Read our full analysis and expert recommendations here: 🔗 https://bit.ly/3RRCs15

It may be summer, but there’s no slowing down the Veracode team. Here are a few highlights from June’s events: Our Prague office hosted an incredible meet-up with Womenly. We hosted the “How to Fix Security Flaws Faster” session at CDM Boston CISO Summit. Sohail Iqbal, Veracode CISO,  shared his insights on the "Crossroads of AppSec & Gen-AI" with practical steps for safely adopting GenAI and managing its impact on software development and organizational processes at the AI Risk Summit in San Francisco. Our CTO and Co-founder, Chris Wysopal was part of a roundtable discussion at the GBI NYC CISO Summit. The Southeast team had a great time connecting with GuidePoint Security at GPSec Atlanta. We’re ready to see you – let us know which events you’ll be at this month. 

Congratulations to Sohail Iqbal for being named as a BostonCIO ORBIE award finalist. This recognition highlights Sohail's commitment to excellence in technology leadership, particularly in driving innovation and #security in the tech industry. The ORBIE Awards honor outstanding CISOs who have demonstrated leadership, innovation, and effectiveness in their roles. Being named a finalist is a testament to Sohail's impactful contributions to our company and the technology community overall. Please join us in congratulating Sohail on this remarkable achievement!

Mark your calendars! We're gearing up for an exciting lineup at the WeAreDevelopers World Congress from 17-19 July. Don't miss out on key insights from Veracode experts: 🔹 Chris Wysopal is taking over the main stage with a keynote on Friday, 19 July, from 11:00-11:30 CET. 🔹 Julian Totzek-Hallhuber will deliver his compelling talk: "Let’s Write an Exploit Using AI" on Friday, 19 July, from 12:20-12:50 PM at Stage 4 (500). Prepare to dive deep into the world of AI and cybersecurity! 🔹 Niels Tanis will share his expertise in his talk "Reviewing 3rd Party Library Security Easily Using OpenSSF Scorecard," on Friday, 19 July, from 1:00-1:30 PM at Stage 4 (500). 🎟️ Special Offer: Grab your ticket now and enjoy a 15% discount with the code WWC_Veracode15. Don’t miss out on the opportunity to be part of this pivotal tech event! 🔗 Learn more about the event here: https://lnkd.in/g9sUVP7w

Time is running out! Is your organization drowning in security debt? Join us for a transformative webinar on "Lifting the Burden of Security Debt and Its Impact on Risk and Profitability" this Thursday. Learn from industry experts including Chris Wysopal, Chris Eng, and special guest Janet Costello Worthington from Forrester as we dive deep into strategies that can significantly reduce security risks and enhance your operational efficiency. Secure your spot today: https://lnkd.in/ga5cYA7D

How Mature is Your AppSec Program? As we navigate the evolving landscape of application #security, understanding the maturity of your AppSec program is crucial. Inspired by our latest blog, "Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management," we're curious about your organization's current #appsec maturity. Four stages of AppSec Maturity: 🔹Reactive – Mostly ad-hoc security measures. 🔹Baseline – Integrated security assessments at the end of development. 🔹Expanded – Automated tools across the SDLC supporting developers. 🔹Advanced – Comprehensive, holistic security approach with minimal security debt. Cast your vote below & check out our blog for insights on each stage and tips on advancing your AppSec maturity! https://lnkd.in/gqqUNRCy

Heading to the upcoming AI Risk Summit? Join us at the Ritz-Carlton, Half Moon Bay June 25-26, where we'll explore cutting-edge solutions and strategies to safeguard against AI vulnerabilities. The summit is a convergence of top security and risk management executives, AI researchers, and policymakers, all focused on navigating the challenges and innovations in AI security. Don't miss out on insights into securing software in the age of AI. We hope to see you there! 🔗 https://lnkd.in/gzvCVT9h

It's only the middle of June, but our team has been very active in Europe, participating in significant events like Codemotion Spain, Cyber Show Paris, and #CyberFusionCenterHorizon2024 hosted by TECNIMONT, showcasing our expertise and engaging with the community on critical #cybersecurity topics. Antonio Reche participated in a tech talk called "Ethics and Business: Navigating the challenges of AI in the company. Grégory Domagala led an engaging session on the critical role of generative AI in development and its security implications. Massimo Tripodi delivered a compelling presentation emphasizing the critical importance of application security. He presented 𝙑𝙚𝙧𝙖𝙘𝙤𝙙𝙚 𝙁𝙞𝙭 and explored cutting-edge topics such as AI-driven threat management, cyber resilience, and infrastructure protection. Did you see us at one of these events? Let us know which was your favorite below.

Are you part of the 70% of organizations drowning in security debt? Join our upcoming webinar with Veracode leaders, Chris Wysopal and Chris Eng, and special guest Janet Costello Worthington of Forrester. We'll explore proven strategies like continuous scanning and AI-powered fixes not only to manage but also to significantly reduce your security risks. Elevate your #AppSec program and turn your security debt into security dividends. Secure your spot today and start transforming your approach to application security! 🔗 https://bit.ly/3KFkY4b