Trend Micro Incorporated, the leader in cloud security, today announced plans for a new, co-developed solution with Snyk, the leader in developer-first open source security. The joint solution will help security teams manage the risk of open source vulnerabilities from the moment open-source code is introduced without interrupting the software delivery process. This marks the expansion of a strategic partnership that has already helped countless organizations enhance DevOps security without impacting product roadmaps.
“We know that vulnerabilities in open-source software, which is increasingly used by all development teams, have increased 2.5x in the past three years,” said Geva Solomonovich, Global Alliances CTO. “This partnership is groundbreaking because for the first time it is giving the security operations team visibility into Open Source, which is one of the fundamental building blocks of cloud-native applications, and its risk. Through this collaboration, we will be helping bridge the technology, process, and organizational gap between security operations and DevOps teams.”1
According to Gartner, “Open-source libraries can carry significant vulnerabilities and the fact that developers may not even know a component is embedded within a library exposes them to unseen vulnerabilities.”2
“DevOps sits at the beating heart of innovation-first enterprises and no one knows these teams like Snyk, especially when it comes to preventing open source vulnerability threats,” said Kevin Simzer, a chief operating officer for Trend Micro. “What we are putting into play is effectively a virtual open-source cybersecurity expert to those teams running our Cloud One platform. Together we can solve security issues before they occur, with complete coverage from code creation to runtime and across any type of developer environment.”
The latest capabilities, delivered by combining the strengths of both companies, enables teams to find vulnerabilities in open source code automatically and immediately. It offers significant benefits for security and development teams, including helping to support compliance with ISO 27001, SOC 2, and other key frameworks and standards.