
Latest news with #ApplicationSecurityPostureManagement

Veracode Joins the Wiz Integration Network (WIN) to Eliminate Application-to-Cloud Security Blind Spots

Business Wire

22-07-2025


BURLINGTON, Mass.--(BUSINESS WIRE)-- Veracode, a global leader in application risk management, today announced a partnership with leading cloud security provider, Wiz, joining the Wiz Integration (WIN) platform. The alliance enhances WIN by bringing the power of Veracode Risk Manager (VRM) to the partner ecosystem, enabling customers to seamlessly integrate Wiz and Veracode solutions into their existing workflows.

The sheer volume and variety of vulnerability data can put pressure on even the most mature organizations. Veracode Risk Manager is an Application Security Posture Management (ASPM) solution designed to address this challenge by unifying risk from code to cloud, and automating prioritization and remediation to help security teams resolve critical flaws faster. With VRM connectors—connectors to third-party findings and asset sources—security teams get a consolidated view of risk across the entire software development lifecycle. These connectors ingest Veracode's static, dynamic, and software composition analysis findings alongside issues uncovered by third-party tools, like Wiz, to help security teams trace root causes, prioritize risk, and remediate accordingly.

'Security teams are overwhelmed—not by a lack of data, but by too much of it, spread across too many disconnected tools,' said Derek Maki, Head of Product at Veracode. 'By integrating Wiz's deep cloud security findings directly into Veracode Risk Manager and correlating with Veracode application security testing detections, we're giving security teams a clearer, faster, and prioritized view of risk so they can take immediate action.'

WIN enables Wiz and Veracode to share prioritized security findings with context, including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits:

  • Smarter, more accurate risk prioritization: Wiz's findings feed directly into Veracode Risk Manager, enhancing its scoring model and enabling more accurate prioritization of security issues based on real-time, contextual risk data.
  • Less noise, less burnout: By aggregating all risk data and applying the right context and prioritization, the integration helps security teams focus on the most critical issues, reducing alert fatigue and improving operational efficiency.
  • Certified, reliable integration: A rigorous certification process ensures the connector between Wiz and VRM is reliable, consistent, and jointly supported. Customers can trust that data flows correctly and that both teams are equipped to troubleshoot any issues that arise.

The combined value of these two offerings will streamline security for organizations that are on a cloud journey, regardless of where they may be on that journey.

'By bringing Veracode into the WIN ecosystem, we're expanding the power of cloud-native context to help organizations connect the dots between application and cloud risk,' says Oron Noah, Vice President of Product Extensibility & Partnerships at Wiz.

WIN enables a cloud security operating model through which security and cloud teams work collaboratively to understand and control risks across their Continuous Integration/Continuous Delivery (CI/CD) pipeline. Through the partnership, Wiz and Veracode are setting the industry standard in integrated solution strategy to optimize operational efficiency.

Current Veracode Risk Manager customers can enable the Wiz connector today through the Wiz Integrations Page. For a personalized demo of how this integration can transform an organization's application security program, visit

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world's leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Learn more at on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands, or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Cycode & HackerOne integrate to speed software vulnerability fixes

Techday NZ

18-07-2025


Cycode and HackerOne have announced a partnership aimed at streamlining the remediation process of vulnerabilities found through bug bounty programmes by leveraging Application Security Posture Management (ASPM).

Bug bounty programmes have become essential to application security strategies, enabling organisations to uncover and validate security vulnerabilities by engaging a community of ethical hackers. HackerOne has developed its reputation for discovering and validating these issues at scale, while Cycode provides ASPM capabilities designed to support security and development teams through vulnerability management.

The partnership will see findings from HackerOne integrated directly into Cycode's platform. This integration is intended to enable rapid assignment, triage, and remediation of validated vulnerabilities, providing security and development teams with additional context to address issues effectively.

"Security threats are evolving fast, and fixing vulnerabilities quickly is more important than ever. Our integration with Cycode gives customers and partners the real-world context and automation they need to move faster. By combining HackerOne's exploit data with Cycode's ASPM capabilities, teams can prioritize the right risks and resolve them earlier in development, so they can ship safer software, faster." – John Addeo, VP Global Partner Ecosystem at HackerOne

According to the companies, vulnerabilities identified through bug bounty reports often represent the most urgent and actionable risks, given that they are verified by independent security researchers and demonstrate exploitability in live environments. However, data from these bug bounty reports frequently resides outside the tools developers use day-to-day, leading to delays and inefficiencies in addressing them.

Through the new integration, HackerOne's findings will be ingested into Cycode's Risk Intelligence Graph (RIG), described as a unified knowledge base of security issues across the software development lifecycle. Each bug bounty report incorporated into RIG will be enhanced with details such as repository mapping - which identifies the precise source code repository where a vulnerability originated - developer ownership to identify responsible parties, and deployment context relating to the specific services or infrastructure affected.

Cycode believes that providing this level of detail gives security teams a clear path from discovery to remediation, while also offering developers actionable context to address issues without unnecessary delay or manual triage.

"Vulnerabilities from HackerOne represent some of the most urgent and actionable risks organizations face. By bringing those findings into the Cycode platform, we're giving teams critical context, ownership mapping, and developer engagement they need to fix issues faster and with greater confidence. This partnership is about helping our customers build more secure software at scale without slowing down velocity." – Prasad Raman, VP Partnerships at Cycode

The collaboration is also expected to accelerate remediation times for shared customers by linking each HackerOne report directly to the relevant code owner. This connection enables teams to meet service-level agreements and reduce mean time to resolution, which is especially important for high-severity vulnerabilities.

Another advantage cited by the companies is the ability to leverage HackerOne's real-world exploit data to improve risk scoring and prioritisation. According to Cycode, this ensures that limited security resources are focused on issues with the highest potential impact.

The integration is designed to work within the toolchains already used by developers - including platforms like Jira, GitHub, GitLab, and Slack - so that findings arrive complete with actionable information and do not require further clarification from application security teams.

Both Cycode and HackerOne state that the partnership is more than just a technical integration, positioning it as a means to strengthen application security workflows overall. HackerOne aims to turn validated bugs into resolved issues, which it sees as a way to bolster customer satisfaction. Cycode, meanwhile, benefits from extended detection capabilities and the ability to contextualise issues based on exploitability in production.

The two companies emphasise that customers stand to benefit from greater efficiency, stronger collaboration, and a more connected approach to securing software throughout development and deployment lifecycles.

Checkmarx One brings cloud security tools directly into IDEs

Techday NZ

28-04-2025


Checkmarx has announced new developer experience enhancements by integrating its Application Security Posture Management (ASPM) solution directly into widely used integrated development environments (IDEs).

The cloud-based Checkmarx One application security platform aims to facilitate AppSec-related tasks for developers and incorporates tools designed to help prioritise and remediate vulnerabilities efficiently, supporting developer workflows at scale to meet organisational requirements. The updated platform includes the Head of Engineering Dashboard, which provides a unified, data-driven overview, displaying both the volume of open vulnerabilities categorised by severity and the progress each team has made towards achieving defined security service-level agreements (SLAs).

Research highlighted by Checkmarx shows that 72% of developers in large enterprises spend over 17 hours per week on security-related activities, creating a clear need for streamlining such processes. The integration of the ASPM solution into the IDE environment is intended to address this issue by enabling developers to assess and address vulnerabilities more rapidly without having to resort to separate tools or processes.

Katie Norton, Research Manager for DevSecOps and Software Supply Chain at IDC, said: "Bringing ASPM context directly into the IDE reflects a forward-looking approach to prioritising security efforts based on risk earlier in the development process. By surfacing relevant insights in context and reducing reliance on downstream ticketing systems, Checkmarx can help developers take timely action on high-priority findings and improve collaboration between security and engineering teams."

Alongside the delivery of ASPM within the IDE, Checkmarx has introduced several new features in Checkmarx One intended to simplify the application security process for developers. The first is Pre-commit Secrets Scanning in the IDE, driven by the Checkmarx One detection engine, which is designed to help developers avoid repetitive fixes, decrease engineering effort, and proactively protect organisational assets. Secondly, the platform now integrates with JFrog Artifactory, supporting the protection of proprietary code and facilitating compliance within private code registries. This is expected to empower developers to maintain faster timelines for delivering secure code. The Head of Engineering Dashboard is also introduced to give engineering leaders direct access to metrics and insights that can help reinforce AppSec best practices and enhance efficiency across their teams.

Ori Bendet, Vice President of Product at Checkmarx, stated: "Developer experience is no longer a nice-to-have but a must-have for every AppSec program. Scaling application security across the enterprise is hard and the key to success are the development teams. Checkmarx One offers everything security and development teams need to be successful. Now we're taking it one step further and bringing the ASPM view for developers right to where they work."

Checkmarx One is positioned to provide comprehensive coverage for any cloud-native application during development, aiming to combine both speed and security to address the growing issues presented by software supply chain attacks, API threats, and malicious code.
