Veracode Hackathon IX

It’s the semiannual Veracode hackathon, so I’m behind on blogging. Again. It’s that most wonderful time of the year—no, that other one. My company Veracode is hosting its ninth Hackathon this week, and it’s been interesting. The theme is 90s Internet Hackers, or as we say in my house, “Saturday.” Seriously: putting together the radio station … Continue reading “Veracode Hackathon IX”

Veracode is hiring

If you’ve ever wondered what it would be like to work at an amazing company in the security space, wonder no more. Veracode is growing, and we’ve got quite a few openings in sales, engineering, QA, research, and even (particularly) in product management. If you’ve read my posts about security and product management, if you’ve … Continue reading “Veracode is hiring”

Veracode: Cool Vendor

Quick pointers to a few awards Veracode has won recently: Readers Choice Award, Information Security Magazine and Gartner Cool Vendor Award, Application Security and Authentication category It’s great for Veracode to get this kind of recognition. I’m really proud to work at a company that can make a difference to how companies address application … Continue reading “Veracode: Cool Vendor”

New mix: Exfiltration Radio: The Mighty Hammond

It’s another Hackathon at Veracode, and time for another playlist. This time around we get an hour of jazz and jazz-adjacent Hammond organ, for your ass. This is not your ballpark organ music, he said, glaring sternly at the interrogator; it’s something that should be deep in your soul. There’s lots of Jimmy Smith on … Continue reading “New mix: Exfiltration Radio: The Mighty Hammond”

Dipping into the Brubeck discography

I’ve been a fan of Dave Brubeck’s jazz since I first listened to my parents’ copy of Dave Brubeck’s Greatest Hits, which is how I discovered “Take Five” and “Blue Rondo A La Turk.” Since then I picked up many of the great man’s recordings (including A Dave Brubeck Christmas, which I reviewed for Blogcritics back in … Continue reading “Dipping into the Brubeck discography”

Exfiltration Radio

We just finished another Veracode Hackathon, and this one was rock and roll themed. One of our brilliant hackers put together an Internet radio station where you could sign up for a one-hour time slot and post a playlist. Naturally, this was catnip. I spent a few hours putting together two playlists, which I’ve embedded below—one … Continue reading “Exfiltration Radio”

What I’ve been up to

I keep missing blogging days, but not because things aren’t busy. Here’s a roundup of places where I’ve been talking in the press and other stuff for the past few months: On the Veracode blog:  Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?. Plus a … Continue reading “What I’ve been up to”

Recent writing elsewhere

I’ve written a series of blog posts on the Veracode blog about application security. Check them out, if that sort of thing floats your boat, or if you just want to see what’s up in my professional life. Note that I don’t generally write my own headlines, so I don’t claim responsibility for clickbaityness or … Continue reading “Recent writing elsewhere”

What is free?

My company, Veracode, published our most recent State of Software Security Report yesterday (disclaimer: I’m one of the authors). The report mines data from hundreds of thousands of application scans to paint a picture of the risk profile of software. This year we included data on risk from open source components. The idea is that it’s … Continue reading “What is free?”

Two views of cybersecurity cost and return

Two different reports came out in the last 24 hours about the costs and investments required for cybersecurity. The first, a paper from the RAND Institute’s Sasha Romanosky, claims that, on average, breaches only have a modest financial impact to organizations—but also notes that the real costs are mostly not born directly by the corporation: while … Continue reading “Two views of cybersecurity cost and return”

The myth of fingerprints

InfoWorld (Chris Wysopal): Election system hacks: we’re focused on the wrong things. Chris (who cofounded my company Veracode) says that we should stop worrying about attribution: Most of the headlines about these stories were quick to blame the Russians by name, but few mentioned the “SQL injection” vulnerability. And that’s a problem. Training the spotlight … Continue reading “The myth of fingerprints”