Today, application security testing platform ShiftLeft announced that it has raised $29 million in additional funding from SYN Ventures and Blackstone Innovations Investments. The money will be used to accelerate product development and to expand the solution's coverage of cloud-native application architectures and languages.
ShiftLeft's AppSec code security platform, ShiftLeft CORE, lets enterprises run static application security testing (SAST) and software composition analysis (SCA) to scan application code and third-party libraries for security issues and vulnerabilities.
The solution looks for vulnerabilities from the perspective of an attacker and prioritizes them according to which ones an attacker is most likely to exploit, while giving developers step-by-step guidance on how to remediate them.
For enterprises, ShiftLeft offers a way for security teams and developers to identify application-level vulnerabilities quickly, leaving them more time to spend writing high-performance, secure application code.
Making the AppSec experience more user-friendly
The announcement comes as more organizations struggle to secure the applications used within their environments: research shows that 34% of applications had a serious vulnerability in 2021, an increase of 21% over 2020, while 13% of applications had one to two serious vulnerabilities.
As a result, many organizations are turning to application scanning solutions to find and mitigate these vulnerabilities before an attacker can. The problem is that most traditional SAST solutions offer little help in prioritizing the high volume of vulnerabilities they discover.
“Most applications have more vulnerabilities than can be reasonably addressed by security and development teams. But not every application vulnerability needs to be fixed,” said Manish Gupta, CEO and cofounder of ShiftLeft.
“Traditional SAST and SCA solutions simply produce lists of hundreds or thousands of vulnerabilities, prioritized only on CVE criticality. ShiftLeft takes a modern approach where we look at applications as a whole, including their custom code and open-source dependencies, to uncover all of the vulnerabilities in the code,” Gupta said.
Gupta also explained that the ShiftLeft CORE platform analyzes an application's data flows to determine which vulnerabilities can actually be exploited by an attacker. This prioritization model means developers do not waste time mitigating low-risk vulnerabilities or sifting through false-positive alerts.
According to Gupta, the model is highly effective, enabling ShiftLeft customers to fix 92% of their riskiest vulnerabilities in less than 20 days.
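To make concrete the difference between ranking findings by CVE severity alone and ranking them by whether attacker-controlled data can reach the vulnerable code, here is a small Python illustration. It is an added example written for this page, not ShiftLeft's code or algorithm: the call graph, entry points, function names and `CONSTRUCTED-*` vulnerability identifiers are all made up, and the "data flow" is modelled as a boolean on each call edge saying whether the callee receives request-derived data.

```python
"""Toy reachability-based vulnerability prioritization (added illustration,
not ShiftLeft's implementation). Two rankings over the same constructed
call graph: severity only, versus severity within tiers that reflect whether
attacker-controlled data actually reaches the vulnerable function."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    function: str    # function the finding is attached to
    vuln_id: str     # hypothetical identifier, constructed for this example
    severity: float  # CVSS-style base score, 0.0-10.0


@dataclass(frozen=True)
class Ranked:
    finding: Finding
    tier: int                   # 0 = request data reaches it, 1 = reachable with internal data only, 2 = never called
    path: Optional[List[str]]   # call path from an entry point, if any


# Constructed call graph: caller -> [(callee, callee receives request-derived data)].
# "app.*" is first-party code, "lib.*" are third-party dependency functions.
CALL_GRAPH: Dict[str, List[Tuple[str, bool]]] = {
    "app.handle_login":   [("app.parse_form", True), ("lib.auth.verify", True)],
    "app.parse_form":     [("lib.yaml.load", True)],
    "lib.auth.verify":    [("lib.crypto.compare", True)],
    "app.export_report":  [("lib.pdf.render", False)],   # renders rows from the DB, not the request
    "lib.pdf.render":     [("lib.image.decode", True)],
    "lib.yaml.load": [], "lib.crypto.compare": [], "lib.image.decode": [],
    "lib.xml.parse":      [],                            # shipped in a dependency, never called
}

ENTRY_POINTS = ["app.handle_login", "app.export_report"]  # HTTP handlers (constructed)

# Constructed findings: what a severity-only SAST/SCA report would list.
FINDINGS = [
    Finding("lib.yaml.load",      "CONSTRUCTED-0001", 9.8),
    Finding("lib.xml.parse",      "CONSTRUCTED-0002", 9.1),
    Finding("lib.image.decode",   "CONSTRUCTED-0003", 7.5),
    Finding("lib.crypto.compare", "CONSTRUCTED-0004", 5.3),
]


def rank_by_severity(findings: List[Finding]) -> List[Finding]:
    """The traditional ordering: highest score first, no context."""
    return sorted(findings, key=lambda f: f.severity, reverse=True)


def _walk(graph, entry_points, require_taint: bool) -> Dict[str, List[str]]:
    """BFS from the entry points, recording one call path per function reached.
    With require_taint=True only edges that forward request-derived data are
    followed, so the result is the set of functions attacker data can reach."""
    paths = {ep: [ep] for ep in entry_points}
    queue = deque(entry_points)
    while queue:
        node = queue.popleft()
        for callee, carries_input in graph.get(node, []):
            if require_taint and not carries_input:
                continue
            if callee not in paths:
                paths[callee] = paths[node] + [callee]
                queue.append(callee)
    return paths


def prioritize(findings, graph, entry_points) -> List[Ranked]:
    """Tier each finding by exploit path, then order by severity within the tier."""
    tainted = _walk(graph, entry_points, require_taint=True)
    reachable = _walk(graph, entry_points, require_taint=False)
    ranked = []
    for f in findings:
        if f.function in tainted:
            ranked.append(Ranked(f, 0, tainted[f.function]))
        elif f.function in reachable:
            ranked.append(Ranked(f, 1, reachable[f.function]))
        else:
            ranked.append(Ranked(f, 2, None))
    return sorted(ranked, key=lambda r: (r.tier, -r.finding.severity))


if __name__ == "__main__":
    print("severity only:", [f.function for f in rank_by_severity(FINDINGS)])
    for r in prioritize(FINDINGS, CALL_GRAPH, ENTRY_POINTS):
        print(r.tier, r.finding.function, r.finding.severity,
              " -> ".join(r.path or ["(never called)"]))
```

The severity-only list puts the never-called `lib.xml.parse` second; the data-flow ranking pushes it to the bottom and promotes the lower-scored `lib.crypto.compare`, which sits on a path fed directly by the login form. A real engine tracks individual arguments and sanitizers rather than one boolean per edge, but the ordering principle is the same.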
The AppSec market
ShiftLeft's growth has tracked the development of the broader application security market, which researchers valued at $6.2 billion in 2020 and estimate will reach $13.2 billion by 2025 as cybercriminals target enterprise applications.
The provider competes against a range of other application security vendors, including legacy providers like Veracode, a nine-time Gartner Magic Quadrant Leader in Application Security Testing.
Veracode offers enterprises SAST, SCA, dynamic application security testing (DAST), public web application scanning, and manual penetration testing. Earlier this year, the company announced it had grown its revenue by 13% and has fixed over 16 million security flaws to date.
Snyk uses security intelligence to continuously scan for, identify and automatically fix vulnerabilities in developers' code.
At present, the main differentiator between ShiftLeft and these competitors is its emphasis on prioritizing the vulnerabilities attackers are most likely to exploit, so that developers can concentrate their remediation effort on the risks cybercriminals are most likely to act on.