Press Release
Contrast Security Releases New Capabilities to Secure Enterprise Software Supply Chains
Leading AppSec provider combines vulnerability testing for custom and third-party code across build, test, production and cloud-native environments.
March 15, 2022 — Los Altos, CA — Contrast Security (Contrast), the leader in code security that empowers developers to secure as they code, today announced that its Secure Code Platform now integrates software supply chain security across the development lifecycle, from the developer desktop to production systems. The new integration makes Contrast the first platform on the market that allows enterprises to identify their biggest supply chain risks and defend against them.
As a direct response to the 2021 ransomware attack that shut down the Colonial Pipeline, President Joe Biden’s Cybersecurity Executive Order imposes strict standards for any software sold to federal agencies. More recent zero-day events such as the log injection vulnerability embedded in the popular Log4j Java library have also forced businesses in the private sector to re-evaluate the security standing of software imported, built and consumed by developers.
“Together, open-source and custom code are the ingredients to the applications that businesses build, buy and ship,” said Jeff Williams, co-founder and CTO at Contrast Security. “Testing these software ingredients separately lacks context and leads to both false positives and false negatives. To accurately identify vulnerabilities, organizations must perform security testing on the entire integrated application or API, which reveals how custom code and open-source interact.”
Contrast integrates software composition analysis (SCA) with each of its security testing and protection solutions, including its industry-leading interactive application security testing (IAST), runtime application self-protection (RASP) and Serverless Application Security solutions. Integration with Contrast’s static application security testing (SAST) solution is coming soon. The Contrast Secure Code Platform helps businesses close security gaps in their software supply chain by:
- Testing for custom and third-party code vulnerabilities simultaneously within native CI/CD pipelines and cloud-native environments.
- Producing a comprehensive software bill of materials (SBOM) to help benchmark software supply chain risk and satisfy regulatory and compliance requests.
- Removing the need to chase fixes for inactive libraries pulled in from code repositories by flagging libraries that are actually called at runtime.
- Finding third-party security issues in cloud-native workloads like serverless functions (e.g., AWS Lambda).
- Protecting production applications and APIs from targeted attacks with no patching or code changes required.
Jeff Williams, Co-Founder and CTO at Contrast, is scheduled to participate in a virtual fireside chat with Melinda Marks, Senior Analyst with ESG Research, at 2 p.m. EST on Tuesday, April 6, 2022, to discuss how recent events like Log4j have prioritized software supply chain security, the role of SBOMs and other techniques businesses need to consider to embed secure coding practices for third-party components. To register for the upcoming joint ESG Research and Contrast webinar, please visit https://www.contrastsecurity.com/webinar-esg.
About Contrast Security:
Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.
Media Contact:
pr@contrastsecurity.com