2023 was a tremendous year from an application security standpoint. We saw the emergence of GenAI, the importance of ASPM, along with a series of new attacks that targeted the broader software supply-chain. At Checkmarx, we also had an incredible year, from a platform launch, to a ChatGPT plugin, and ground-breaking security research.
Let’s take a look back at the highlights from the past 365 days.
Application Risk Management powered by Fusion 2.0
The biggest challenge in security, and especially application security, today is the noise. Also known as “alert fatigue” or simply, “I have too many vulnerabilities – where do I start??” Development teams can get overwhelmed with the number of alerts they get, and often don’t have the ability to quickly discern which ones are the most critical. Enterprises already ship vulnerable code to production, so the challenge isn’t about fixing everything, it’s fixing what matters most to the business.
We launched Application Risk Management as an answer to exactly that. Powered by Fusion 2.0, it allows enterprises to get a prioritized list of vulnerabilities, so that they know where to start remediating. It also provides a risk indicator per application, so management will be able to assess and manage the risk of each application.
Codebashing 2.0 with Security Champions
Over the last couple of years we have truly seen how valuable developers are to effective application security. One way to help drive adoption across enterprises is a security champion program that includes a strong education on security specifically for developers. Codebashing 2.0 was built with developers in mind. It brings a fresh look and feel, packaged with gamification to help drive the competitive nature of developers, and the ability to train and certify anyone in the organization as a certified security champion.
CheckAI
With the introduction of ChatGPT in early 2023, everyone has been talking about GenAI. Developers use it to generate code, designers use it to create new graphics and my mom uses it to get travel recommendations. It’s truly life-changing technology. As with many ground-breaking technologies, the risks are yet to be fully realized. As GenAI solutions started to rapidly spread through the industry, we started to see new types of attacks that take advantage of GenAI: everything from prompt injections to hallucinations to malicious LLMs. This is why we launched CheckAI, the industry’s first and only GPT plugin to scan GenAI generated code and protect against an AI hallucination attack. And we’re just getting started here! Expect much more in 2024.
A new supply-chain module in Checkmarx One
Checkmarx was the first vendor to include malicious package detection as part of our SCA solution in 2022. Checkmarx now has the largest malicious packages database in the market, with over 8 million analyzed packages and over 250K malicious packages identified. However, the software supply-chain has much more to pay attention to than just malicious packages. Protecting the entire software supply-chain includes everything in your development process, from your CI/CD plugins and configurations to your compilers and, yes, your open source packages. As part of Checkmarx One 3.0, we launched a new dedicated module for the broader software supply-chain. Our goal is to help enterprises protect their entire software supply-chain. We launched 2 new engines: enterprise secrets detection (which uses 2MS) and repo health (which uses the OSSF Scorecard), and we’ll continue to add more coverage throughout 2024.
Checkmarx One 3.0
Probably the biggest launch of the year for us, Checkmarx One 3.0 marks 2 years of investment into our Checkmarx One platform. With close to 500 enterprise customers already using it, and over 100B LOC being scanned every month, it’s the enterprise application security platform every enterprise needs. With over 660 new capabilities introduced in 2023 and 8 solutions already on the platform, it was truly a remarkable launch. The launch had over 1500 registrants and was broadcast around the globe to our customers, prospects, partners and analysts.
Stay tuned for what’s yet to come in 2024 and in version 4.0!