Skip to main content

With Love, Your Applications

feature-patch-valentines

February 14, 2024

0 mins read

Dear ASPM (application security posture management), 

It’s tough being an application these days, with so much scary stuff out there trying to get us. This Valentine’s Day, we want to express our deepest gratitude for the care and kindness you’ve shown us.

We’re so lucky we have you to keep us safe. We appreciate you for countless reasons, and we want to elaborate on just a few. 

For one, you don’t jump to conclusions about us and our risk levels solely based on CVSS ratings. Instead, you take the time to get to know us and understand how every vulnerability relates to mission-critical functions. You take a holistic perspective about our unique roles in your business, then decide how we should be treated based on that. Thanks for reminding us, in the style of You’re the Inspiration by Chicago: “You're more than a single score — a complex application. You are tied to other things — a complex application.”  

We also appreciate that you take the time to get to know every part of us. Each of us is made up of so much more than just source code. We’re complex projects with third-party components, infrastructure as code (IaC), containers, and more. So, thank you for using security tools that work to secure every part of us. We appreciate that you can follow in John Legend’s footsteps and sing to his song All of Me as you tell us, “All of me secures all of you, all your vulns and all your edges, those third-party imperfections.”

Lastly, thank you for making it easy for our developers to see exactly how to remediate our vulnerabilities. Thanks to you, each of us is seen and understood. Your teams know which apps belong to which developers and those devs can take easy steps to fix risks in their own apps. Some of them even use automated workflows to do so! It’s reassuring to know that each of our developers can echo Time after Time by Cyndi Lauper in saying, “If there’s risk, I will fix it, I'll secure you...time after time."

With Love, 
Your Applications

P.S. Read more about Snyk’s approach to ASPM and risk-based prioritization today.

feature-patch-valentines

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.