Cybersecurity isn’t just the responsibility of the security team. To secure modern cloud environments and applications, developers and security teams need to be able to collaborate to identify risks in the software supply chain and mitigate them as quickly as possible. Enter DevSecOps.
That’s why today, developer security provider Snyk announced that IT operations management vendor ServiceNow has made a $25 million strategic investment in the organization, following a $196.5 million Series G funding in December 2022.
Snyk also announced the release of a new integration for ServiceNow’s Vulnerability Response solution with Snyk Open Source, which will enable security teams and developers to collaborate and manage vulnerabilities discovered in open-source products and applications.
The mandate for DevSecOps
This partnership reflects a general trend of organizations implementing security earlier in the software development lifecycle to secure the software supply chain. For instance, according to GitLab research, over one-third of security pros report being “hands-on” and involved daily with dev and ops in 2022, an increase of 11% from 2021.
In the age of cloud adoption, DevSecOps is essential for enabling security teams to effectively manage disparate applications, services and open-source software components because it provides them with direct access to support from developers, who can fix code-level vulnerabilities wherever they exist in the environment.
“In today’s enterprise, new challenges and complexities have emerged as the overall attack surface has expanded and the clear delineation of security tasks has blurred. A lot of today’s cloud security failures result from ineffective cross-team collaboration and team training to deal with this transformation and guarantee a tightened security posture,” said Peter McKay, CEO of Snyk.
Part of the challenge is that security teams and developers often lack the tools needed to collaborate effectively. For instance, McKay highlights Snyk’s State of Cloud Security Report, which found that 77% of organizations cited ineffective collaboration as a significant challenge, with different teams using disparate tools or policy frameworks.
DevSecOps provides an answer to this by giving security teams access to developers’ technical expertise so they can better understand the risks of implementing new software.
“Involving developers in security decisions ensures that security measures are integrated into the development process rather than being added as an afterthought. Security is therefore built into the system from the start rather than being tacked on later, which might be more difficult and costly,” McKay said.
Snyk’s partnership with ServiceNow can help to facilitate this communication, providing developers with a solution that automatically integrates with the software development workflow, alongside software composition analysis, which provides a mechanism to evaluate code risks and respond to priority threats.
A brief look at Snyk, SonarQube and Veracode
As more and more organizations look to secure the software supply chain and enhance their data security posture, researchers expect the global DevSecOps market to increase from a value of $2.59 billion in 2021 to $23.16 billion by 2029.
With over 2,500 customers, including organizations like Google, Salesforce, MongoDB, New Relic, Asurion and Revolut, Snyk is one of the largest providers in the space, but it’s also competing against some significant vendors.
One of Snyk’s main competitors is SonarQube, currently valued at $4.7 billion after raising $412 million as part of a funding round in 2022. The company offers a code analysis solution for checking code for reliability and security issues. SonarQube also offers integrations with DevOps platforms including GitHub, GitLab, Bitbucket and Jenkins.
Veracode, which analysts currently value at $2.5 billion, provides a similar application security testing solution that caters to both developers and security teams. It’s capable of scanning over 100 languages and frameworks, and producing step-by-step remediation guidance.
At this stage in the market’s development, McKay argues that Snyk’s emphasis on developer-centric security is its key differentiator from these organizations.
“Snyk enables a world where millions of developers globally building our future also have the ability to secure it. This is achieved by empowering developers with security tools, allowing them to continue to develop both quickly and securely throughout the platforms they’re already most comfortable with,” McKay said.