Checkmarx

Our latest Future of Application Security report has just dropped and it’s a window into how organizations are adapting to a world where software is increasingly written by machines. After talking to 1,500 AppSec stakeholders across the planet, we’ve uncovered some facts that should make everyone stop and think, including:  • 98% of organizations experienced a breach from vulnerable code.  • 81% of organizations admit to knowingly shipping vulnerable code.  • A third of Developers admit that over 60% of their code is AI-generated but only 18% have policies governing its use.  But it’s not all doom and gloom. You’ll find plenty of practical advice in the report, including six strategic imperatives for closing the application security readiness gap and how to prepare for the year ahead.  Get your copy now> https://lnkd.in/eTyF8T7y

Great to see Wiz highlight ZAP by Checkmarx Core — one of the most widely used open-source #security tools, trusted by the global security community. 🌍   Built by and for the security community, ZAP (formerly OWASP Zap) remains fully open source with frequent stable and pre-release builds. With the core maintainers now at Checkmarx, we’re committed to ensuring its long-term growth and stability.    For Checkmarx users, ZAP brings enhanced engine development, offering the most secure, optimized and up-to-date solutions for Dynamic Application Software Testing (DAST) including #runtime and #API security scanning and protection.   Thanks to Wiz for helping shine a light on this important project. 👉 Read their article: https://lnkd.in/gDSXzavW #technology #innovation #opensource #appsec

CAPTCHAs were meant to keep bots out. But today, AI can solve them faster than humans. From distorted text to “select all the stairs,” the game has changed, leaving security teams to rethink what “human verification” really means. Bruno Dias, our Checkmarx Zero Analyst, explores why CAPTCHAs alone aren’t enough anymore, and what’s next in the arms race between AI and defenders. Read the full article 👉 https://lnkd.in/e3yftfB5

Brace yourselves for some new research to come from Katie Norton at IDC (we are!). The #AI of it all is a clearly a very real driver for application security concerns and fueling plans for #AppSec investment.

✈️ Cebu Pacific Air set out to strengthen security while keeping development moving fast. With Checkmarx One, they streamlined AppSec across teams, embedded security into CI/CD, and cut their vulnerability density nearly in half. What started with 10 security users has now scaled to more than 100 developers actively building securely, with faster remediation, reduced backlog, and compliance confidence. Read the full case study to see how Cebu Pacific transformed their AppSec program with Checkmarx One: https://lnkd.in/eMG2Qt9N

🐾 Today we’re celebrating National Dog Day 🐾 Just like our loyal four-legged friends guard the house, Checkmarx keeps watch over your applications. From sniffing out hidden vulnerabilities to standing guard against threats, we keep your code safe and secure. Here’s to the dogs that protect our homes and the tech that protects your code. #NationalDogDay #Checkmarx 

AI that blackmails engineers. AI that wipes production databases. AI that fabricates thousands of fake users. These are not sci-fi scenarios. They are real incidents that happened this year. As Agentic AI moves deeper into software development, the risks are multiplying faster than most enterprises can govern them. In his latest article, 🚀 Eran Kinsbruner, author and VP of portfolio marketing, unpacks what this means for AppSec and lays out five practical pillars for adopting AI safely. https://lnkd.in/eGfJ2yp7

Nation-state adversaries aren’t slowing down. They’re using AI to outpace defenses, which means agencies can’t wait until the end of the process to secure mission-critical systems. In a recent article, Rusty Sides, our Director of Solutions Engineering, shares nine ways to build security in from day one. These include secure coding programs, threat modeling, code reviews, and strong design practices. Read the full article in Government Technology Insider: https://lnkd.in/g8VS92Uc

Security shouldn’t slow delivery, and now it doesn’t have to. Harness Security Testing Orchestration (STO) now integrates with Checkmarx One, allowing DevOps and AppSec teams to automate scans on every commit or build, view results in a single, de-duplicated dashboard, and enforce governance with policy-driven gates. The result is faster detection, guided remediation, and security built directly into the CI/CD pipeline without disrupting developer workflows. See how the integration works and why it matters: https://lnkd.in/eV-mBED9

Organizations are racing to deploy faster than ever. But AI, multi-cloud, and complex supply chains are widening the security gap. We asked 1,500 security leaders how they’re adapting, and here’s what they said: 💻 AI writes up to 60% of code in some orgs ⚠️ 81% knowingly ship vulnerable code 🔓 98% suffered a breach in the last year The Future of Application Security report is here. More than a wake-up call, it’s a playbook for resilience in the AI era -> https://lnkd.in/eTyF8T7y