Checkmarx - Experts & Thought Leaders
Latest Checkmarx news & announcements
Checkmarx, the industry pioneer in cloud-native application security for the enterprise, announced today that its security research team, Checkmarx Zero, has launched a collaborative application security (AppSec) research hub.

Checkmarx VP of Security Research Erez Yalon said, “The Checkmarx Zero team has always shared our findings with others in the research community within our blog and at more than 100 conference sessions. We invite other AppSec and software supply chain security researchers to explore our vulnerability research and to contribute their findings as we work together to keep our organisations safe.”

Checkmarx Zero hub

The Checkmarx Zero hub includes detailed findings based on years of dedicated research, including:

- 200+ vulnerabilities curated monthly.
- More than 130 zero-days.
- In-depth research reports including malicious package names and indicators of compromise (IOCs).

Addressing vulnerabilities

Checkmarx Zero has become well-known for the discovery of some significant vulnerabilities and threat campaigns in recent years, including:

- An Amazon Ring vulnerability that could have allowed access to users’ camera recordings.
- An ongoing campaign by a group nicknamed RED-LILI that launched hundreds of malicious packages as part of node package manager (NPM) attacks on Azure and other developers.
- The first known software supply chain attacks targeted at the banking industry.

RiverSafe, an Application Security, DevOps, and Cyber Security professional services provider, has partnered with Checkmarx, the industry pioneer in cloud-native application security for the enterprise, to help organisations fortify their security landscape amid rising global threats.

Open-source vulnerabilities

A recent report unveiled concerning statistics: 84 percent of codebases contain open-source vulnerabilities, with 91 percent featuring outdated components, demanding heightened security throughout the software development life cycle. On average, open-source components make up 73 percent of total code across industries, posing substantial risks.

Underfunded and Under-Reported report

Furthermore, RiverSafe's recent Underfunded and Under-Reported report highlighted escalating security concerns for businesses, pinpointing a critical threat: insufficient investment in essential tools, ranking second only to artificial intelligence (AI). On the whole, there is great concern among CISOs and their security teams regarding their organisation’s application usage.

Software Development Life Cycle

While security remains a top priority for CISOs, developers are under increasing pressure to deliver products faster, which can cause friction between agility and security. This partnership, built with developers in mind, will combine the powerful capabilities of the Checkmarx platform with RiverSafe’s Application Security expertise, ensuring that security is integrated throughout the Software Development Life Cycle (SDLC), enabling developers to create more secure products without slowing down the development process.

Security-first approach

Oseloka Obiora, CTO and Co-Founder of RiverSafe, commented, “At RiverSafe, we understand the challenges organisations face in AppSec, especially amidst the ever-evolving threat landscape."

"That's why we adopt a security-first approach to software development. By partnering with Checkmarx, we empower enterprise businesses to innovate confidently."

Code to cloud applications

“Our collaboration seamlessly integrates threat intelligence into the software development lifecycle, ensuring that security vulnerabilities are identified and addressed proactively," concluded Obiora.

Yigal Elstein, Chief Revenue Officer at Checkmarx, said, “SAST and source code analysis (SCA) is not enough to secure cloud-native applications. In the age of digital transformation, it’s imperative to provide the enterprise with robust, consolidated application security solutions from code to cloud."

Visibility and control

"Teaming up with RiverSafe, with their unparalleled expertise across cyber, application security, and DevOps, provides important context and threat intelligence to our customers."

"This partnership not only enhances visibility and control over coding environments but also empowers security and development teams to prioritise critical vulnerabilities effectively with a superior developer experience.”

Checkmarx, the pioneer in cloud-native application security, has announced an integration partnership with SD Elements from Security Compass, a pioneer in Security by Design. The integration enhances Checkmarx One, the industry-pioneering enterprise application security platform, and Checkmarx SAST by incorporating SD Elements to streamline and expand threat modeling capabilities across the software development life cycle (SDLC).

Threat modeling

Threat modeling is essential in identifying and mitigating potential security threats early in the development process. By integrating SD Elements, Checkmarx One empowers developers and security teams to secure applications from code to the cloud, significantly reducing application security risks while maintaining efficient developer workflows.

"Security by Design" methodology

The integration with SD Elements facilitates a "Security by Design" methodology, enabling continuous threat modeling to scrutinise every code change and new feature addition. This ensures a dynamic and comprehensive assessment of the threat model throughout its lifecycle, from initial release to subsequent updates.

Code-to-cloud development

“Proaction and prevention are keys to secure applications, which makes threat modeling a critical element,” said Ori Bendet, VP of Product Management at Checkmarx. “To ensure the success of threat modeling and application security, it’s essential that it be part of a seamless process."

"Because teams need the delivery of precise results to be fast and available in context, these integrations with Security Compass will enable today’s code-to-cloud development to be done in a more secure and highly efficient manner.”

Robust application security solutions

Trevor Young, Chief Product Officer at Security Compass, adds, "Integrating SD Elements with Checkmarx's robust application security solutions marks a significant milestone in our mission to embed security seamlessly into the development process."

"This partnership underscores our shared vision of making security an integral, uncompromising part of application development, ensuring that every software release is secure by design."

Partnership benefits

The integrations between Checkmarx and Security Compass’ SD Elements offer customers:

- Tailored threat modeling that aligns with specific applications, technologies, compliance mandates, and business contexts.
- Streamlined code scanning to ensure the effective implementation of threat countermeasures and compliance adherence.
- Enhanced threat-model coverage across software portfolios through the integration of Checkmarx’s scanning results within popular integrated development environments (IDEs) and development workflows.