Application Security , Next-Generation Technologies & Secure Development , Video

Veracode CEO Sam King on Joining AppSec, Container Security

King Shares Why Software Smarts Trumps Infrastructure Expertise in Cloud Containers
Sam King, CEO, Veracode

The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security. Containers now face a host of vulnerabilities introduced through other software, misconfiguration and poorly managed secrets, such as Amazon Web Services credentials in Dockerfiles.

See Also: SIEM Wishlist: Top 5 Reasons Security Teams Can’t Wait to Upgrade

Veracode has been focusing on application security since it was founded in 2006. Veracode CEO Sam King says that application security heritage helps the company identify open-source code and known vulnerabilities in containers and fix them, while infrastructure security companies struggle to spot container software issues.

That's a differentiator for the company's new tool - providing insight into what's in the container as well as the vulnerabilities being inherited and running in production environments (see: Synopsys, Checkmarx Top Gartner MQ for App Security Testing).

"For us, everything is driven from software out, because ultimately it's about making what is in the container secure," King says. "A number of other providers that have come at this from a core outside of software security are potentially looking at it more outside in, maybe how the container is running in the runtime environment. But we are focused more on what the container contains."

In this video interview with Information Security Media Group, King also discusses:

  • What the Synopsys-WhiteHat deal has meant for Veracode;
  • Veracode's investments in the SCA and SBOMB markets;
  • Issues for clients looking to secure their software supply chain.

King is a founding member of Veracode and has played a significant role in the company's growth trajectory over the past 16 years, helping to mature it from a small startup to a company with a more than $2.5 billion valuation. Under her leadership, Veracode has been recognized with several industry distinctions, including a nine-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave, and a Gartner Peer Insights Customer Choice for Application Security. Prior to Veracode, King held leadership positions in cybersecurity and technology companies including Verisign and Razorfish. She currently sits on the board of Progress Software and ZeroFox.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.