Maverix

Maverix Maverix Inc. is a software product company offering a market leading application security correlatio

Join Java and Apache Software Foundation experts, Brian Fox, CTO at Sonatype, Ilkka Turunen, Field CTO at Sonatype, and ...
12/14/2021

Join Java and Apache Software Foundation experts, Brian Fox, CTO at Sonatype, Ilkka Turunen, Field CTO at Sonatype, and Steve Poole, Developer Advocate at Sonatype as they discuss everything you need to know about the Log4j exploit.

https://bit.ly/log4j-sf

There are two main challenges in the modern world of software development. The first one is reducing time-to-market and ...
12/12/2021

There are two main challenges in the modern world of software development.
The first one is reducing time-to-market and the second is application security.
Currently, application security processes are often not properly integrated into DevOps.
Many companies start adopting AST tools and practices into their existing DevOps process without a clear strategy. As a result, they get into a mess and have problems with AST at the very beginning.
Here are some questions that arise in such a situation
• At what stage and how can you properly use the results provided by AST tools and fix the huge lists of vulnerabilities they found?
• How can you prioritize all the reported vulnerabilities?
• What analytics can help understand the results?
• How do you measure your progress?
How to properly approach the integration of AST tools in DevOps, avoid problems and find a clear answer to emerging questions?
Find out in our KB article
https://maverix.ai/help/mergedProjects/KB/From_DevOps_to_DevSecOps.htm

On July 12, 2021, Gartner published an updated Hype Cycle for Application Security, 2021.This report shows that the adop...
12/01/2021

On July 12, 2021, Gartner published an updated Hype Cycle for Application Security, 2021.

This report shows that the adoption of cloud-native design patterns and the mainstreaming of microservices architectures, containers, and functions have accelerated the adoption of application security controls. Gartner’s Enabling Cloud-Native DevSecOps Survey for 2021 showed that more than two-thirds of the participating organizations are using static application security testing (SAST) in development to secure cloud-native applications.

Gartner’s analyst Dale Gardner defines ASOC tools as a solution that allows easing software vulnerability testing and remediation by automating workflows and processing findings. ASOC tools correlate and analyze findings to centralize efforts for easier interpretation, triage, and remediation.

It is highly important to know, that ASOC products support broad integration and interoperability with commercial application security testing products, enabling greater control over and visibility into testing. Orchestration capabilities allow solutions to interact with continuous integration/continuous delivery (CI/CD) toolchains to specify testing and control the release of a given build based on results.

Key drivers for this solution class are the following:

• Struggling with prioritizing vulnerability remediation and mitigation efforts during and after development, given the growing volume of information provided by application security testing tools. In this case, ASOC tools address this challenge by ingesting information from multiple testing sources, correlating results, and increasingly aiding in the automation of prioritization and triage tasks.

• Difficulty in reporting the risk posture of applications, absent meaningful business metrics and threat intelligence between developers and operations team. ASOC helps to translate raw vulnerability data into a form more relevant to executives and application owners.
Gartner estimated the market pe*******on of ASOC tools at 5% to 20% of the target audience.

We are happy to introduce our DevSecOps platform solution - Maverix One. Maverix One is an Application Security Orchestr...
11/30/2021

We are happy to introduce our DevSecOps platform solution - Maverix One.

Maverix One is an Application Security Orchestration and Correlation (ASOC) class platform solution that integrates application security testing into DevOps process.

In the modern world, it became obvious that software companies need to integrate security into their DevOps processes.

DevOps employs multiple software engineering and application security testing tools. Their integration becomes complex and expensive when done in a custom fashion, and may take several years.

Besides, there is an ongoing challenge of supporting these integrations.

In the existing situation, companies require a product that acts as a management layer and handles all integrations.

Maverix One embeds itself into the existing DevOps process, brings all required integrations with software engineering and application security tools, and manages the application security testing process end-to-end.

More at https://maverix.ai/

Address

1850 Gateway Drive, Suite #150
San Mateo, CA
1850

Telephone

+16465832395

Website

Alerts

Be the first to know and let us send you an email when Maverix posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Share

Category