Security Vulnerabilities


A CISO’s Guide To Application Security – Part 1: Defining AppSec

Editor’s Note: This post is the first in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.by Fergal Glynn, Veracode Inc.


The threats and attacks may have changed in the last decade, but one thing has remained constant: software giant Microsoft doesn’t pay for vulnerabilities. Never has. Never will. Even as rivals like Mozilla and Google have introduced bug bounty program, the Redmond Washington giant has stuck doggedly with a position it articulated almost a decade ago, refusing to offer monetary rewards for information on software holes. But security experts say that position may have to change.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.