Snyk Puts Power to Identify and Secure Open-Source Vulnerabilities in Developer’s Hands

London, England – June 23, 2016 -- Open-source packages have become the foundation upon which nearly every modern application is developed. Despite their essential role in our technological infrastructure, there are no developer-friendly tools to ensure this open source code is free from vulnerabilities that expose organizations to stolen user data, financial losses and irreparable brand damage.

This is why a group of former cyber-security experts for the Israeli army joined forces with open source thought leaders in London to unveil Snyk, the first security solution built entirely for and around the developer. Today, the company is launching out of beta and announcing the release of its first product, which is devoted to ensuring that all open-source code a development team may use is vulnerability-free. Snyk is initially focused on the Node.js and npm ecosystem, and will expand to others over time.

The problem: current solutions are lacking and built for security experts, rather than development teams.

By 2019, Symantec estimates 1.5 out of 6 million cyber security roles will remain unstaffed. These security experts are vastly outnumbered by the developers creating the potentially insecure applications. Thus, securing applications and the open-source packages used in it must be tackled by developers directly.

To address this, Snyk integrates securing open source into the existing workflow of a programmer and seamlessly provides a layer of security to the development process. For instance, it offers direct integration with GitHub, which sits at the heart of many development teams workflow, and with Continuous Integration (CI) systems, such as Jenkins, Travis CI and CircleCI.

By empowering developers to secure and manage vulnerable open source dependencies, issues are tackled instantly and continuously within the application. As Nadav Avrahami, co-founder and VP at Wix, put it, “the most efficient way to solve a vulnerability is to do it as soon as possible. The mere notion of stopping for a security audit is just not feasible in today’s continuous world of software development. Snyk matches how we work by addressing and solving vulnerability issues during the development process itself.”

Snyk secures applications in four simple steps:

• Finds the vulnerabilities in your dependencies by matching the open source code used in your application with Snyk’s Vulnerability Database.

• Fixes security issues by either finding the right upgrade or providing Snyk-authored open-source patches.

• Prevents new security issues by catching new vulnerable dependencies before they enter your code as a natural part of your GitHub or CI tests.

• Alerts on new disclosed vulnerabilities that affect your application and provides instant remediation, minimizing exposure.

“Open source tools propagate quickly, which also means their security flaws have a wide reach, as we’ve seen in cases like Heartbleed and Shellshock,” said Tom Preston-Werner, GitHub’s Co-Founder. “Snyk not only finds such issues but also makes it extremely easy to fix them, which is key for making busy developers take action. By making its tools free for open source, Snyk is set to make a big impact at making creating and consuming open source more secure”

“Open source is an essential reason why software is eating the world,” said Guy Podjarny, Co-founder and CEO of Snyk. “It democratizes access to new software all over the world and empowers developers to build and consume new technologies at zero cost. The same crowdsourcing that makes it powerful unfortunately also makes it vulnerable. That is why we built Snyk--to put the power of securing open-source code into the developer’s hands.”

Prior to Snyk, Podjarny founded and sold Blaze to Akamai where he served as CTO, co-founders Danny Grander and Assaf Hefetz led commercial and military cyber teams, and the team also includes open-source thought leaders such as Remy Sharp & Anna Debenham. The company is backed by Canaan Partners, BOLDStart and multiple successful developer tools entrepreneurs.

The solution is free for open-source projects, and its gradual pricing curve, from as little as $19 a month to full Enterprise support, empowers dev teams of all sizes to secure their applications. To learn more about Snyk and how your business can start taking more effective measures towards securing applications, please visit: https://snyk.io/.

About Snyk

Snyk is the first solution to put the power of identifying vulnerabilities and securing open-source packages into the hands of developers. The company’s mission is to  secure authoring and consuming open-source code and it currently offers free and premium tools that help find, fix and monitor for known vulnerabilities in open source dependencies. Snyk’s clients include top companies like BBC, Warby Parker, Optimizely, Macy’s and many others. The company is backed by Canaan Partners, BOLDStart and multiple successful developer tools entrepreneurs. Snyk was founded in 2015 and is headquartered in London with offices in Israel. For more information, go to https://snyk.io/.

Contact Information

Grace Zavolock

VSC for Snyk

VSC

Contact via E-mail