Jit aims to simplify product security for developers


Jit, a startup with a platform designed to make product security easier for developers, has raised $38.5 million in seed funding. In addition, the company released a free public beta version that automates product security by converting complex security plans from written documents and spreadsheets into security plans-as-code maintained on GitHub. The goal is to empower modern engineering teams to take responsibility for product security as part of their DevOps workflow.

Jit claims it makes it easier to integrate security into the DevOps workflow. According to Jit’s co-founder and CTO David Melamed, cybersecurity executives are introducing new tools at a faster pace than their teams can coordinate, adjust and configure.

Melamed also said that developing a security plan or program takes a lot of time for a high-speed development and product team. This leads to a focus on risk management, and as it turns out, while there are many risk-related costs, efficiency goes out of sync.

Jit, according to Melamed, simplifies technical security for engineering teams while also reducing costs. He added that Jit provides a straightforward solution for DevSecOps adoption, providing product security as a continuous integration, continuous delivery (CI/CD) pipeline service, with product security plans based on Git principles and translated into the language developers understand: code.

Security as Code (SaC)

Today, security and production efficiency are not mutually exclusive. A product may be flawless in terms of efficiency but completely insecure. This is because security is still often an afterthought in software development.

According to the State of Developer-Driven Security 2022 survey conducted by Secure Code Warrior, 86% of developers do not consider application security a top priority when creating code. According to the study, more than half of the 1,200 developers polled are unable to ensure that their code is protected against common vulnerabilities. This is one reason why only 29% of developers believe that creating secure code should be a top priority.

According to a similar survey, 67% of engineers stated that they stopped writing secure code later in the software development life cycle due to time constraints and lack of training or direction on how to do it. As a result, they prioritize efficiency over security. However, the adoption of Security-as-Code (SaC) strongly integrates application development and security administration, allowing developers to focus on key features and functionality, while also simplifying configuration and permission management for security teams. This enhances communication between the development and security teams and promotes a security culture throughout the company.

In fact, McKinsey reports that most cloud leaders agree that Infrastructure-as-Code (IaC) allows companies to automate the creation of cloud systems without relying on error-prone human configurations. SaC goes a step further, McKinsey claims, by creating cybersecurity policies and standards programmatically, allowing them to be automatically referenced in configuration scripts. Instead of waiting until later, developers increasingly think about security from the beginning of the project.

Security tests and scanning are integrated into the CI/CD pipeline to detect vulnerabilities and security issues automatically and continuously. Everyone in the organization can see who has access to what resources, as access policy decisions are written in the source code. Jit claims that it is designed for modern engineering teams that develop cloud-native software using CI/CD best practices and want to ensure product security is present from day one.

Minimum practical security strategy

According to Ed Sim, founder and general partner of Boldstart Ventures, many modern development organizations are shifting left and introducing various security techniques for developers. What’s missing amid the proliferation of these solutions, he claims, is an orchestration layer that combines a range of open-source security tools while integrating security organically into the developer’s workflow as a code experience.

“Jit is the first solution that allows developers to easily embed minimally capable security from scratch, resulting in code-fast security,” Sim said.

According to Pmon, 41% of people say product safety is a top priority for their companies, 50% say they check product safety before sending products to customers, and 59% say they lost revenue because of product safety issues. Jit claims that what it calls “minimum practical security plans” are in line with industry standards. According to Jit, these plans address the basic security requirements of the threat landscape and protect the product from its initial iteration. The compliance checklist in a spreadsheet becomes code that is saved in the repository. The company claims that the next step is the automatic orchestration of all OSS security technologies across the entire tech stack, including code, infrastructure, CI/CD, runtime and API.

Instead of developers researching, configuring, implementing and working to integrate open-source security tools into their stacks and CI/CD pipelines, Jit says what sets its tools apart is that its security research team has taken the time to curate and choose the tools that will provide the first line of protection for developers’ applications.

According to the company, this is useful if a person is not a security domain expert and this responsibility has recently been added to their plate. Jit claims that it is as easy to use as any other code tool. With its tools, the company says, the developer can now write a security plan and apply it to their specific stack with a few clicks in the user interface, just like its rival Terraform plan / Terraform apply.

Boldstart Ventures led the seed funding round, which includes Insight Partners, Tiger Global Management and strategic angel investors. FXP, a new Boston-Israel startup venture studio, founded the company.
