Francis Odum’s Post


Software Investor | Cybersecurity Researcher & Instructor @ Software Analyst

🛎 POST: Who are the leading software supply chain security (SSCS) vendors, and what truly differentiates them?

➡ Over 96% of CISOs have stated they are currently using or considering implementing SSCS solutions within the next 12 months. Together with recent regulations coming from the US Govt for SBOMs, this has created a massive tailwind for SSCS vendors.

🔄 With the ever-growing concerns around software supply chain since the SolarWinds and CodeCov attacks, many security vendors have emerged within the last five years to solve this problem. The sector is quickly becoming fragmented, making it difficult to differentiate between emerging and legacy vendors.

📃 I wrote a deep dive analyzing over 20+ vendors in this market. I talked to several founders and teams. Together with Clint Gibler, we put together a report highlighting the findings following our initial software supply chain framework of analyzing the source, build, and deploy stages of the SDLC. The vendors we discuss secure source code, CI/CD pipelines, SCA solutions, and detecting malicious dependencies. Whether you're a CISO, developer, investor, or tech enthusiast, we hope this report serves as a starting point.

👉 See the full analysis here: https://lnkd.in/gunw_iDh (PS: Important to note that the market map is a sample depiction of the key players within each category.)

#SoftwareSecurity #SoftwareSupplyChain #SSCS

Matthew Gregory

CEO & Founder at Ockam

7mo

You are missing Ockam. A developer tool that allows engineers to build applications that can trust the data that moves between them. To build secure-by-design applications, Ockam is something that every developer needs to build into every application. You may need another category under application security called "Data connectivity" that captures data authenticity, privacy, integrity, security? https://www.ockam.io/blog/announcing_orchestrator

Sourabh Satish

Building next great security technology company with an awesome team at Pangea!

7mo

Francis Odum: Please check out Pangea Cyber (https://pangea.cloud/). We are building a SPaaS (Security Platform as a Service) offering for developers, and that is about baking security "in" the application via APIs. We offer APIs for services like AuthN, AuthZ, Audit Logging, PII Redaction, Keys and Secrets Management, File Scan, File Store, Threat Intelligence, etc. We have 18 such services available as of today. Would love to hear your feedback. We are pretty early and defining a new category. Just wanted to bring it to your attention. Warren Weiss Sid Trivedi

Shyam Krishnaswamy

Co-founder, CTO (Hiring Full-stack Principal & Lead Engineers)

7mo

Great post! Perhaps most of these tools fail to provide you with a critical element that helps to prioritize the issues found in your infrastructure: runtime context. ThreatMapper (https://github.com/deepfence/ThreatMapper) is a free and open source tool that adds runtime context to the attack surface, which helps to prioritize the remediation process. In addition, ThreatStryker, the enterprise edition, provides unique insights about application behavior that provide security for the entire workloads and infrastructure. Against known and unknown attacks!

Great articles Francis Odum! 🙋 Here is a new End-to-End Software Development and Delivery Security platform www.xygeni.io We would love to know your opinion! And give you more information about what we are doing 😊.

Lital Asher - Dotan

4X Chief Marketing Officer ★ Experienced Product Marketing Leader ★ Cybersecurity, Cloud, Data, AI ★ The Didi & Lital Show Podcast ★ Transforming GTM to a growth machine

7mo

Great overview of the market! I believe Backslash Security is a new player here: https://www.backslash.security/ Shahar Man

Abdessamad TEMMAR

Information Security Consultant

7mo

Thanks for the study! Very informative. Any specific tooling for API security?

Zach Rickenbach

Enhancing Cloud and AI Security by Preventing Real-time Cloud Breaches @ Sysdig | Dad at night | Rancher in the mornings!

7mo

Francis Odum - Missing Sysdig for Cloud Security and containers. https://sysdig.com/

Matthew O. Fisch

Client Advocate, Sales Leader, and Dad

7mo

Great map overview! Thanks! Missing #CyngularSecurity for CIRA Cloud Security Automated Investigation & Response! https://www.cyngular.com/

Eyal Paz

Researcher of Things

7mo

Well written blog, highly recommend reading the full text
