Software security specialists Rapid7 and Snyk have joined forces to help application developers build security into their systems earlier in the software development lifecycle.
This process, known as "shifting left," involves finding vulnerabilities earlier in the development process and fixing them on the spot rather than waiting for QA testing and monitoring. According to researchers, web applications and software vulnerabilities represent two of the top methods external attackers use to invade systems, which calls for an end-to-end approach to security.
As such, Rapid7, which offers security analytics and automation software, has teamed up with Snyk, maker of a vulnerability database that helps developers find and fix vulnerabilities in their code. The combination is intended to bridge the gap between security and development teams and to provide continuous monitoring of the software once it is in production.
"Rapid7 is a respected player in the vulnerability management and DevSecOps spaces," said Chris Gonsalves, senior vice president of research at The 2112 Group in Port Washington, N.Y. "They clearly see value in ingesting Snyk's vulnerability database into their cloud platform. They believe the enhancements and enrichment Snyk brings to the intelligence feed -- via their own security research and their academic and infosec community collaborations -- make the integration partnership worthwhile."
Specifically, the integration of Snyk's vulnerability database will enable Rapid7 to offer visibility and control to customers through detailed coverage of risk in open source libraries and containers, the companies said.
According to recent Snyk research, software vulnerabilities in open source libraries nearly doubled over the last two years.
"Developers are now coming to the realization that they have to be mindful of the open source software they use to make sure there are no vulnerabilities in the applications that they're building," said Peter McKay, CEO of London-based Snyk.
Moreover, because of demands for digital transformation across industries, there is a four million-person gap between open security positions and people available with skills to fill security jobs, McKay said.
"So, it is imperative that developers take a bigger role in building security into new applications," he said. "We're shifting the role traditionally done by security people and putting more responsibility in the developers' hands by embedding security into a developer tool."
Gonsalves echoed the sentiment.
"A key thing this integration does is it gets folks talking about a crucial topic, namely finding ways to get developers to care about security early enough in the SDLC [Software Development Life Cycle] to actually do something about it," Gonsalves said.
Meanwhile, in other Snyk-related news, the company introduced improved support for Python in its Snyk Open Source product to help developers find and fix vulnerabilities with the help of automated fix pull requests. Snyk Open Source helps Python developers build more secure apps by providing automated remediation steps.