Snyk Named a 2018 Gartner Cool Vendor in Application and Data Security

We’re extremely humbled and honored to have Gartner name Snyk as a May 2018 Cool Vendor in Application and Data Security!

The Cool Vendor report (written by Neil MacDonald, Ayal Tirosh, Jeremy D’Hoinne, Dale Gardner, Pete Shoard, and Tricia Phillips) highlights interesting, new and innovative vendors, products and services. We feel being selected by Gartner to be one of five named in the report is gratifying, especially in the crowded application security space.We started Snyk with the belief we can build a security solution developers love, and one that truly addresses your open source security concerns. We believe this report validates our developer first approach and remediation automation focus are what customers need as they embrace open source and accelerate their digital transformation.

“The heavy use of open-source components often lacks proper vetting for vulnerabilities and license obligations, as well as mechanisms to alert to new issues as they're discovered.”

Gartner, Cool Vendors in Application and Data Security, 4 May 2018

Closing The DevSecOps Loop

Organizations today struggle to combine the need to transform their digital practices, moving faster to adapt to market needs, and the need to remain secure while doing so.

In the October 2017 Gartner report 10 Things to Get Right for Successful DevSecOps a key challenge mentioned is that information security must adapt to development processes and tools, not the other way around.

Gartner further recommends to integrate security and compliance testing seamlessly into DevSecOps so that developers never have to leave their continuous integration or continuous deployment toolchain environment.

Snyk solves this challenge by focusing on the developers, empowering them to own security through seamless integration into development tools throughout the SDLC. Snyk doesn’t just integrate with these tools, but adapts the user experience to make developers successful - and happy - when using our solution. A core component of such success is automating fix actions, as the developer’s job doesn’t end with logging a vulnerability but with fixing it.

“Identify open-source components, as well as known vulnerabilities in those components, and leverage automated remediation, where available, to patch vulnerable components.”

Gartner, Cool Vendors in Application and Data Security, 4 May 2018

Precise Patches Augmenting Upgrades

Vulnerabilities are bugs, and the best way to fix them is to upgrade to a new library version wherein the bug was fixed - and Snyk automates such upgrades whenever possible. Unfortunately, there are quite a few cases in which upgrading a vulnerable open source library isn’t possible.

For instance, if you are currently using an old version of the library, upgrading may break your application’s functionality. Such upgrades carry significant risk and require extensive testing, making them expensive and delaying the remediation of the actual vulnerability.

In other cases, an upgrade is technically impossible due to conflicts with another dependency or having no path to upgrade an indirect dependency. The latter is especially common with newly disclosed vulnerabilities, as it often takes the dependency chain time to switch to the safer version of the vulnerable library.

For impactful vulnerabilities, Snyk would backport the needed fix and create a patch that customers could immediately apply, making application open source dependencies enterprise grade just like RedHat does for system dependencies.

Gartner customers may read the full report here

Disclaimer

The Gartner Cool Vendor Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.