
The Qwiet AI team had a great time this past week at the Gartner Risk Summit. There were a lot of interesting sessions and engaging hallway conversations, and I had the opportunity to talk with folks one on one at our booth about the newly released prioritization options, which shipped alongside our new licensing compliance feature.


A common topic that came up was prioritization. Most of the people I spoke with from the AppSec side of the house said they felt frustrated when dealing with results from their existing application scanning tool because there were so many results and so few options for prioritizing what to fix first. One person confided, “Even if I only get 100 results from a scan (which is rare), it may as well be 5000 results, because it’s still a lot of fixes for me to send over to the developers. Despite helping them secure their code, I’m seen as the bad guy because I’m adding to their tech debt.” Conversations like this were in the majority over the 3 days of the conference. Thankfully, I had a solution I could share.

Our preZero platform has always had top-notch accuracy and reachability, but we’re on a constant quest to make it easier for our customers to prioritize their fixes. Our latest update added improved filtering options to help you get to the most important results quicker than before.

So let’s take a look at how you can quickly drill down to the vulnerabilities that will have the biggest impact on your overall application risk. We can see from the scan below that there are 272 open source vulnerabilities, a lot for any organization to tackle.


So first, let’s isolate just the reachable vulnerabilities. Under “Advanced Filters” you’ll see a checkbox to filter on “Reachable”.


That quickly brings us from 272 down to 111. A dramatic improvement, but we can go even further by selecting just the Criticals. This can be done either from the “Severity” drop-down (1) or by clicking the red box in the “Reachable” area (2).

Now we’re down to 14 total. A manageable number of results, but we can take it one step further and use our Blacklight feature. Go to the “Exploitability” drop-down and select “Exploitable”.

This takes you to the 6 critical vulnerabilities that have active exploits targeting them out in the wild. With just 3 clicks you’ve gone from 272 to 111 to 14 and finally to 6. A very quick and easy way to prioritize your remediation efforts toward the vulnerabilities that represent the biggest risk to your organization. With this approach, our customers can satisfy AppSec’s goal of reducing risk while also keeping developers producing secure code without adding tech debt.
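The same three-stage funnel (reachable, then critical, then exploitable) expressed as a script, as an added example that is not code from the post or from the preZero product: it runs over a constructed set of findings so the counts after each filter stay visible, which is what you want when feeding a remediation workflow. The field names and the VULN-000x identifiers are assumptions, not real scanner output.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

@dataclass(frozen=True)
class Finding:
    id: str            # placeholder identifier, not a real CVE
    package: str
    severity: str      # "critical" | "high" | "medium" | "low"
    reachable: bool    # is the vulnerable code on a path the app can reach?
    exploitable: bool  # is an active exploit known (the post's Blacklight signal)?

# Constructed sample scan output; not taken from any real scanner.
SAMPLE_FINDINGS = [
    Finding("VULN-0001", "libfoo", "critical", True, True),
    Finding("VULN-0002", "libfoo", "critical", True, False),
    Finding("VULN-0003", "libbar", "high", True, True),
    Finding("VULN-0004", "libbar", "critical", False, True),
    Finding("VULN-0005", "libbaz", "medium", True, False),
    Finding("VULN-0006", "libqux", "low", False, False),
    Finding("VULN-0007", "libqux", "critical", True, True),
]

# The three filters, applied in the order the post walks through them.
FUNNEL: list[tuple[str, Callable[[Finding], bool]]] = [
    ("reachable", lambda f: f.reachable),
    ("critical", lambda f: f.severity == "critical"),
    ("exploitable", lambda f: f.exploitable),
]

def triage_funnel(findings: Iterable[Finding]):
    """Apply each filter in turn.

    Returns the count after every stage (so nothing is silently dropped
    from the report) plus the findings that survive all three filters.
    """
    remaining = list(findings)
    counts = [("all", len(remaining))]
    for name, keep in FUNNEL:
        remaining = [f for f in remaining if keep(f)]
        counts.append((name, len(remaining)))
    return counts, remaining

if __name__ == "__main__":
    stage_counts, fix_first = triage_funnel(SAMPLE_FINDINGS)
    for name, n in stage_counts:
        print(f"{name:>12}: {n}")
    print("fix first:", [f.id for f in fix_first])
```

The survivors are what goes to developers first; the per-stage counts are what you keep for the AppSec report, since the findings filtered out are deprioritized rather than closed.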


It was great rolling this feature out during the Gartner Risk Conference because I got consistently positive feedback demo after demo over 3 days. One of our customers stopped by the booth, and after I walked him through this new feature, he immediately started thinking about how quickly he could add it to his remediation workflow. This feature is just the start of a whole slew of product enhancements we have planned over the next few months, all with the goal of helping organizations Qwiet the noise and focus on what’s important: producing secure code.

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit: www.shiftleft.io.
