SecOps solution launched to tackle open source code bugs

Trend Micro Incorporated has launched a new co-built SaaS solution with Snyk, a leader in cloud native application security. The SaaS solution is designed to provide continuous insight into open source vulnerabilities for enhanced risk management to drive data-driven decisions.

Trend Micro Cloud One – Open Source Security by Snyk is the newest Cloud One service and the first partner addition to the platform, which is available through the channel and through AWS Marketplace. The SaaS solution provides visibility into open source software vulnerabilities for security operation teams; the prevalence of these open source code components has increased due to the speed, flexibility, extensibility and quality they offer to application development teams.

Snyk has observed significant growth in open source vulnerabilities over the past three years, making it more necessary than ever to deliver security further into the DevOps pipeline. However, process gaps, mismatched toolsets and communication challenges between SecOps and DevOps are commonplace. This means security practitioners lack visibility into application build-time risks. The cloud service from Trend Micro and Snyk bridges the challenges between security and development teams with a unified solution that delivers visibility sooner in the software development life cycle to further protect the stack.

Geva Solomonovich, Global Alliances CTO for Snyk, noted that adding Snyk’s developer-first security technology to Trend Micro’s Cloud One allows more customers to tackle open source risk on a single platform, minimising the need to manage multiple vendors and tools.

“Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organisations safer,” Solomonovich said.

Trend Micro Cloud One – Open Source Security by Snyk also enables SecOps to identify vulnerabilities and issues related to licensing. This empowers security teams to monitor, prioritise and communicate risk and exposure rates within DevOps projects over time. This happens with data-driven security decisions, continuous monitoring of threat levels, and effective prioritisation of risks and remediation recommendations.

“With this one solution, we’re able to solve several problems and use technology to bridge internal gaps. This offering can save over 650 hours of development time per application through increased automation, helps to manage risk and liability with licence requirements and gives security teams visibility into a part of our functional code base that has not been accessible before,” said Kevin Simzer, Chief Operating Officer for Trend Micro.

Built-in automation also helps security teams quickly identify indirect open source dependencies that both security and developer teams may not be aware exist in their applications. This can save approximately eight hours per vulnerability through automation and early discovery.

Image credit: ©stock.adobe.com/au/zephyr_p