
Snyk & Trend Micro deepen collaboration with a new solution for solving open source development risks

Geva Solomonovich
August 27, 2020 | in Partners

We’re thrilled to deepen our collaboration with our long-standing partner Trend Micro, a global cloud security leader, to co-develop a first-of-its-kind solution that will help security teams manage the risk of open source vulnerabilities. 

The next phase of our collaboration with Trend Micro builds on the already highly successful partnership centered on Snyk Intel, our industry-leading open source vulnerability database.

In this next chapter, our collaboration will bridge the gap between DevOps and security operations teams. This gap transcends technology, process, and organizational barriers. Through this collaboration we will bridge the visibility gap into the use and risk of one of the cloud native pillars, namely open source, something which is typically the purview of developers only. The new solution will give security operations teams more visibility into the shift-left movement, allowing them a glimpse into the development world. Through this increased visibility we aim to take both the DevOps and SecOps teams one step closer in their collaboration by giving them a shared platform to view open source risk.

Trend Micro is highly tuned to the needs of their customers and is laser focused on delivering more value to them. In viewing Snyk as the clear security leader for developers, Trend Micro is out ahead of their customers’ needs. By adding Snyk to the Cloud One platform, Trend Micro will bring Snyk to a new global security operations persona for the first time, and also give cloud and security operations teams a way to work more closely with developer and DevOps teams.

Open source software, and risk, is everywhere

According to Gartner, more than 90 percent of organizations use open source software, yet are often not aware that open source libraries contain vulnerabilities that can put them at risk. According to the Snyk State of Open Source Security Report 2020, only 28% of survey respondents indicated that they have strong controls and confidence in all dependencies (direct and indirect). This leaves many companies lacking controls or insights into open source vulnerabilities. 

With modern cloud native applications, developers have more responsibilities than ever before. They don’t just build applications and move on; they are writing applications with containers, open source, and Terraform scripts to control deployment. Snyk’s developer-first security tools help them secure code as it’s written in a very seamless, automated way. However, security teams, accountable for the application development and delivery process, must find a way to ensure risk is mitigated and controlled as much as possible as development evolves.

Why is this new solution needed? 

In this new DevOps world of rapid releases, where 80 percent of all source code is open source, security teams require complete visibility of open source risk. Yet the above statistics show that security leaders have blinders on when it comes to open source and cloud native application security. 

The new co-developed solution will remove these blinders and provide complete visibility of open source development risk so that security operations teams can work in sync with developer and cloud teams, who are on the frontlines building and securing modern applications.  

Benefits for security operations teams 

Here are three ways this partnership addresses these blind spots by providing scanning capabilities and reporting to security operations teams:

  1. Scans all code repositories for vulnerabilities using Snyk’s world-class open source vulnerability scanning and database.
  2. Delivers continuous visibility of open source code vulnerabilities from earliest code to running in production.
  3. Bridges the organizational gap between DevOps & SecOps, setting the stage to enhance secure DevOps practices.

Cars with brakes can go faster

From the comfort of our home offices, we had the chance to film this short video with Trend Micro on the importance of this new collaboration. In it, Kevin Simzer, chief operating officer at Trend Micro, says that brakes were not added to cars to slow them down. They actually help a car go faster, which he says is a perfect analogy for why Trend Micro and Snyk are embarking on an even deeper partnership. By delivering ongoing visibility of open source code vulnerabilities, developers and security operations teams achieve continuous innovation and continuous security, with everyone in the right lane and in full control.



Additional Resources
Trend Micro and Snyk partner to deliver complete remediation to secure containers blog