Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award

ShiftLeft, Inc., a leader in application security, today announced it has been accepted into the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together technology leaders to improve the security of OSS. ShiftLeft joins OpenSSF to further its commitment to advance supply chain security for open source software and the entire technology and business ecosystem.

It is a near-impossible task in today’s software-driven business era to develop applications free of open-source components. Developers rely on open source and open source libraries as valuable tools in building modern, scalable applications. Today, 98% of applications use open source and open source libraries, 75% of the code in the average software application is comprised of open-source components, and 84% of applications have at least one vulnerability. While using ready-made code simplifies the application development process, it also carries serious security risks, as attackers often deliberately compromise open-source software to attack applications that rely on them.

ShiftLeft believes in equipping developers with the tools they need to be responsible for the security of the code they develop. The ShiftLeft CORE platform, powered by ShiftLeft’s unique Code Property Graph (CPG) engine, provides developers with a comprehensive suite of code security solutions, making it simple and efficient to integrate security into their everyday practices and within their existing workflows.

“We are honored to have been accepted into the Open Source Security Foundation, and support their vision to create a future where participants in the open source ecosystem use and share high quality software, with security handled proactively, by default, and as a matter of course.” said Chetan Conikee, CTO, ShiftLeft. “Like many of our customers, ShiftLeft has benefited greatly from leveraging open source software to build our differentiated products and features. This new juncture further strengthens our commitment of giving back to the community by empowering organizations with code, enabling them ability to build and run secure applications.”

ShiftLeft CORE features NextGen Static Analysis (NG SAST), a modern code analysis solution built to support developer workflows; Intelligent Software Composition Analysis (SCA), which scores code vulnerabilities based on whether an attacker can reach it; and ShiftLeft Educate, which delivers contextual security training for developers within the developer workflow. Designed for modern, modular applications, ShiftLeft’s CPG engine combines many representations of source code into a single, queryable graph database to understand the full flow of information across an application or service, adding valuable context to its code security analysis and recommendations.

For more information on ShiftLeft CORE, visit https://www.shiftleft.io/.

About ShiftLeft

ShiftLeft builds security software with a developers-first approach. Through industry-leading speed and accuracy, ShiftLeft maximizes developer productivity and efficiency by providing near-instantaneous security feedback on software code during every pull request. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate. The platform is purpose-built to insert security directly into the modern software development lifecycle so developers receive the right vulnerability information at the right time.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

About the Open Source Security Foundation (OpenSSF)

Hosted by the Linux Foundation, the OpenSSF (launched in August 2020) is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab to build a community to support the open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About Qwiet AI

Qwiet AI empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, Qwiet AI scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, Qwiet AI then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use Qwiet AI ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in Santa Clara, California. For information, visit: https://qwiet.ai

Share