6 episodes

In this six-part podcast series, we’ll dissect the results of Veracode’s State of Software Security Volume 9 report. Join industry experts for a deep-dive discussion on the research and a larger examination of application security today. Listeners will learn how organizations are handling software security amid today’s technology landscape, how to embed security design directly into the software delivery lifecycle, how security managers can better address low software flaw fix rates, and what a security champion is and how your organization can create the role.

Sponsored by Veracode

A Hard Look at Software Security IDG

    • Technology

    How Can A Security Champion Help Your Development Team?

    A security champion serves as the voice of the developer while satisfying the needs of the business from a security perspective. In this episode we dig deeper into details on the role of the security champion and what effect having a champion can have on development and security. Listeners will learn about: • How to identify a security champion in your organization • What benefits can be expected from having a security champion • Suggestions for getting started with a security champion program

    • 16 min
    Flaw Fix Rates Are Low - How Can They Be Improved?

    In this episode we discuss the latest findings on flaw fix rates in enterprises. Chris Eng, Vice President of Research, Veracode, offers perspective on what figures in the State of Software Security report reveal about the troubling amount of time it takes to address the majority of vulnerabilities. Listeners will learn about: • Average enterprise fix rates at one week and one month • Why enterprises still struggle with vulnerable open source components in software • What businesses can do to mitigate risks associated with open source flaws

    • 15 min
    Open Source Components Continue to Thwart Enterprises

    In this episode, we’ll discuss why enterprises still struggle with the occurrence of vulnerable open source components within their software - and what they can do to mitigate these risks. Listeners will learn more about: • The landscape of open source software today compared to internally developed code in enterprises • Why risk from open source components is an issue in most enterprises • The factors behind the friction between the process of DevOps and security

    • 11 min
    Building a Security-first Culture Starts with Coding

    In this episode, we learn about changes in application security and the partnership between development and security. Chris Wysopal, Chief Technology Officer and Co-Founder of Veracode, joins us to discuss the synergy between these teams – and what best practices help create a solid DevSecOps program. Listeners will learn more about: • The factors behind the evolving relationship between development and security • What this change means for secure coding in the future • Action items for creating a security-first culture in the enterprise

    • 11 min
    Data Supports DevSecOps Practices

    In this episode, we will look at the emergence of DevSecOps in the enterprise. Tim Jarrett, Senior Director of Product Marketing with Veracode, joins us to explain the goal of building security into the software development process at the outset. Listeners will learn more about: • What research says about the effectiveness of DevSecOps • The core principles of DevSecOps • What is holding DevSecOps back from going mainstream? • Predictions on where this practice is heading in the future

    • 17 min
    The State of Software Security is Still a Challenge

    In the first episode of the series, we are joined by Chris Eng, Vice President of Research at Veracode. We’ll detail highlights of the Veracode State of Software Security Volume 9 report and discuss what the findings reveal in terms of the progress companies are making with fixing flaws. How are factors like flaw severity, business criticality of applications, and exploitability of the flaws impacting how companies view vulnerabilities? We’ll also examine information about industry performance, differences by region, third-party component risks, and vulnerability trends to give security and development teams a holistic view of the state of software security.

    • 15 min
