Snyk Cool Vendor-App and Data Security

We’re extremely humbled and honored to have Gartner name Snyk as a May 2018 Cool Vendor in Application and Data Security!

The Cool Vendor report (written by Neil MacDonald, Ayal Tirosh, Jeremy D’Hoinne, Dale Gardner, Pete Shoard, and Tricia Phillips) highlights interesting, new and innovative vendors, products and services. We feel being selected by Gartner to be one of five named in the report is gratifying, especially in the crowded application security space. We started Snyk with the belief we can build a security solution developers love, and one that truly addresses your open source security concerns. We believe this report validates that our developer-first approach and remediation automation focus are what customers need as they embrace open source and accelerate their digital transformation.

“The heavy use of open-source components often lacks proper vetting for vulnerabilities and license obligations, as well as mechanisms to alert to new issues as they’re discovered.”

Gartner, Cool Vendors in Application and Data Security, 4 May 2018

Closing The DevSecOps Loop

Organizations today struggle to combine the need to transform their digital practices, moving faster to adapt to market needs, and the need to remain secure while doing so.

In the October 2017 Gartner report "10 Things to Get Right for Successful DevSecOps", a key challenge mentioned is that information security must adapt to development processes and tools, not the other way around.

Gartner further recommends integrating security and compliance testing seamlessly into DevSecOps so that developers never have to leave their continuous integration or continuous deployment toolchain environment.

Snyk solves this challenge by focusing on the developers, empowering them to own security through seamless integration into development tools throughout the SDLC. Snyk doesn’t just integrate with these tools, but adapts the user experience to make developers successful – and happy – when using our solution. A core component of such success is automating fix actions, as the developer’s job doesn’t end with logging a vulnerability but with fixing it.

“Identify open-source components, as well as known vulnerabilities in those components, and leverage automated remediation, where available, to patch vulnerable components.”

Gartner, Cool Vendors in Application and Data Security, 4 May 2018

Precise Patches Augmenting Upgrades

Vulnerabilities are bugs, and the best way to fix them is to upgrade to a new library version wherein the bug was fixed – and Snyk automates such upgrades whenever possible. Unfortunately, there are quite a few cases in which upgrading a vulnerable open source library isn’t possible.

For instance, if you are currently using an old version of the library, upgrading may break your application’s functionality. Such upgrades carry significant risk and require extensive testing, making them expensive and delaying the remediation of the actual vulnerability.

In other cases, an upgrade is technically impossible due to conflicts with another dependency or having no path to upgrade an indirect dependency. The latter is especially common with newly disclosed vulnerabilities, as it often takes the dependency chain time to switch to the safer version of the vulnerable library.

For impactful vulnerabilities, Snyk would backport the needed fix and create a patch that customers could immediately apply, making application open source dependencies enterprise grade, just like Red Hat does for system dependencies.