Connect with us

Tech

Jit aims to simplify product security for developers

Published

on

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


Jit, a startup with a platform designed to make product security easier for developers, has raised $38.5 million seed funding. In addition, the company released a free public beta version that automates product security by converting complex security plans from written documents and spreadsheets into security plans-as-code maintained on GitHub. The goal is to empower modern engineering teams to take responsibility for product security as part of their devops workflow.

Jit claims it makes it simple to integrate security into the devops workflow. According to David Melamed, cofounder and CTO of Jit, cybersecurity executives are introducing new tools at a faster pace than their teams can integrate with, adjust to, and configure. 

Melamed also stated that developing a security plan or program takes too much time for high-speed development and product teams. This shifts attention to risk management, and as he sees it, when there are so many risk-related costs, efficiency falls out of sync.

Jit, according to Melamed, simplifies technical security for engineering teams, while also lowering costs. He added that Jit provides a straightforward solution to adopting DevSecOps, in which product security is supplied as a service into the continuous integration, continuous delivery (CI/CD) pipeline, with a product security plan based on Git principles and translated into a language developers understand — code.

Security-as-code (SaC)

Today, security and product functionality are not mutually exclusive. A product can be flawless in terms of functionality yet absolutely insecure in terms of security. This is because security is still often an afterthought in software development. 

According to the State of Developer-Driven Security 2022 survey conducted by Secure Code Warrior, 86% of developers do not consider application security to be a top priority while building code. According to the study, more than half of the 1,200 developers polled are unable to assure that their code is secure against common vulnerabilities. This is one of the reasons why only 29% of the developers believe that building secure code should be a top priority.

According to the same survey, 67% of engineers said they put off writing secure code until later in the software development lifecycle due to time constraints and a lack of training or direction on how to do so. As a result, they prioritize functionality over security. However, adopting security-as-code (SaC) firmly combines application development and security administration, allowing developers to focus on key features and functionality, while also simplifying security teams’ configuration and permission management. This enhances communication between development and security teams, as well as fostering a security culture throughout the company.

In fact, McKinsey reports that most cloud leaders agree that infrastructure-as-code (IaC) allows companies to automate the creation of cloud systems without relying on error-prone human configuration. SaC goes a step further, McKinsey claims, by programmatically creating cybersecurity policies and standards, allowing them to be referenced automatically in configuration scripts. Rather than waiting until later, developers increasingly think about security from the beginning of a project.

To automatically and continuously detect vulnerabilities and security issues, security tests and scanning are integrated into the CI/CD pipeline. Everyone in the organization can see who has access to which resources, since access policy decisions are written in source code. Jit claims it is designed for modern engineering teams that are developing cloud-native software, using CI/CD best practices and want to ensure that product security is present from day one.

Minimum viable security strategy

Many modern development organizations are shifting left and introducing a variety of security technologies for developers, according to Ed Sim, founder and general partner of Boldstart Ventures. What’s missing, he claims, with the proliferation of these solutions is an orchestration layer that combines a range of open-source security tools while organically integrating the security as code experience into the developer workflow.

“Jit is the first solution that allows developers to easily embed minimal viable security from day zero, resulting in security at the speed of code,” Sim said.

According to a Ponemon Institute report, 41% of respondents say product security is a top priority for their companies, 50% say they examine product security before shipping a product to clients, and 59% say they’ve lost revenue because of product security issues. Jit claims to have codified what it calls “minimum viable security plans” that are compliant with industry standards. According to Jit, these strategies address the threat landscape as well as the basic security requirements for protecting a product from its earliest iteration. A compliance checklist in a spreadsheet becomes code that is saved in a repository. The company claims that the next step is an automated orchestration of all OSS security technologies across the entire tech stack, including code, infrastructure, CI/CD, runtime and APIs.

As a developer, instead of having to research, configure, implement and work to integrate open-source security tools into their stacks and CI/CD pipelines, the security research team at Jit says what sets its tools apart is that the company has taken the time to curate and select tools that will provide the first line of defense for the developers’ applications. 

This, according to the company, is useful if an individual isn’t a security domain expert and this responsibility has recently been handed to their plate. Jit claims it is designed to be as simple to use as other as-code tools. With its tools, the company says a developer may now write a security plan and apply it to their specific stack with a few clicks in the user interface, similar to its competitor Terraform Plan/Terraform Apply.

Boldstart Ventures led the seed funding round, which included Insight Partners, Tiger Global Management, and strategic angel investors. FXP, a new Boston-Israel startup venture studio, founded the company.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Read More

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Tech

FIFA 23 lets you turn off commentary pointing out how bad you are

Published

on

By

FIFA 23 lets you turn off commentary pointing out how bad you are
A player shouldering the ball



(Image credit: EA)

FIFA 23 might be the best game soccer game yet for terrible sports fans, as it lets you turn off commentary that criticizes your bad playing.

Now that the early access FIFA 23 release time has passed, EA Play and Xbox Game Pass Ultimate subscribers can hop into the game ahead of its full release. But as Eurogamer (opens in new tab) spotted, they’ll find a peculiar option waiting for them.

FIFA 23 includes a toggle to turn off ‘Critical Commentary’. The setting lets you silence all negative in-match comments made about your technique, so you can protect your precious ego even when you miss an open goal or commit an obvious foul. The more positive commentary won’t be affected. 

Spare your feelings

A player dribbling the ball in FIFA 23

(Image credit: EA)

The feature looks tailored toward children and new players, who don’t want to have their confidence wrecked within mere minutes of picking up the controller. But even experienced players who just so happen to be terrible at the game might benefit.

It’s not perfect, though. According to Eurogamer, the feature didn’t seem to work during a FIFA Ultimate Team Division Rivals match, with critical comments slipping through the filter. Still, who hasn’t benefited from a light grilling every now and then?

Polite commentary isn’t the only new addition in FIFA 23. It’s the first game in the series to include women’s club football teams, and fancy overhauled animations that take advantage of the PS5 and Xbox Series X|S’s new-gen hardware. EA will be hoping to end on a high, as FIFA 23 will be the last of its soccer games to release with the official FIFA licence.

If disabling critical commentary doesn’t improve your soccer skills, maybe building a squad of Marvel superheroes will. Although you might not do much better with Ted Lasso wandering the pitch.

FIFA 23 is set to fully release this Friday, September 30.

Callum is TechRadar Gaming’s News Writer. You’ll find him whipping up stories about all the latest happenings in the gaming world, as well as penning the odd feature and review. Before coming to TechRadar, he wrote freelance for various sites, including Clash, The Telegraph, and Gamesindustry.biz, and worked as a Staff Writer at Wargamer. Strategy games and RPGs are his bread and butter, but he’ll eat anything that spins a captivating narrative. He also loves tabletop games, and will happily chew your ear off about TTRPGs and board games. 

Read More

Continue Reading

Tech

Google Pixel 7 price leak suggests Google is totally out of touch

Published

on

By

Google Pixel 7 price leak suggests Google is totally out of touch
The backs of the Pixel 7 and the Pixel 7 Pro



(Image credit: Google)

We’re starting to hear more and more Google Pixel 7 leaks, with the launch of the phone just a week away, but tech fans might be getting a lot of déjà vu, with the leaks all listing near-identical specs to what we heard about the Pixel 6 a year ago.

It sounds like the new phones – a successor to the Pixel 6 Pro is also expected – could be very similar to their 2021 predecessors. And a new price leak has suggested that the phones’ costs could be the same too, as a Twitter user spotted the Pixel 7 briefly listed on Amazon (before being promptly taken down, of course).

Google pixel 7 on Amazon US. $599.99.It is still showing up in search cache but the listing gives an error if you click on it. We have the B0 number to keep track of though!#teampixel pic.twitter.com/w5Z09D28YESeptember 27, 2022

See more

According to these listings, the Pixel 7 will cost $599 while the Pixel 7 Pro will cost $899, both of which are identical to the Pixel 6 and Pixel 6 Pro starting prices. The leak doesn’t include any other region prices, but in the UK the current models cost £599 and £849, while in Australia they went for AU$999 and AU$1,299.

So it sounds like Google is planning on retaining the same prices for its new phones as it sold the old ones for, a move which doesn’t make much sense.


Analysis: same price, new world

Google’s choice to keep the same price points is a little curious when you consider that the specs leaks suggest these phones are virtually unchanged from their predecessors. You’re buying year-old tech for the same price as before.

Do bear in mind that the price of tech generally lowers over time, so you can readily pick up a cheaper Pixel 6 or 6 Pro right now, and after the launch of the new ones, the older models will very likely get even cheaper.

But there’s another key factor to consider in the price: $599 might be the same number in 2022 as it was in 2021, but with the changing global climate, like wars and flailing currencies and cost of living crises, it’s a very different amount of money.

Some people just won’t be willing to shell out the amount this year, that they may have been able to last year. But this speaks to a wider issue in consumer tech.

Google isn’t the only tech company to completely neglect the challenging global climate when pricing its gadgets: Samsung is still releasing super-pricey folding phones, and the iPhone 14 is, for some incomprehensible reason, even pricier than the iPhone 13 in some regions. 

Too few brands are actually catering to the tough economic times many are facing right now, with companies increasing the price of their premium offerings to counter rising costs, instead of just designing more affordable alternatives to flagships.

These high and rising prices suggest that companies are totally out of touch with their buyers, and don’t understand the economic hardship troubling many.

We’ll have to reach a breaking point sooner or later, either with brands finally clueing into the fact that they need to release cheaper phones, or with customers voting with their wallets by sticking to second-hand or refurbished devices. But until then, you can buy the best cheap phones to show that cost is important to you.

Tom’s role in the TechRadar team is to specialize in phones and tablets, but he also takes on other tech like electric scooters, smartwatches, fitness, mobile gaming and more. He is based in London, UK.

He graduated in American Literature and Creative Writing from the University of East Anglia. Prior to working in TechRadar freelanced in tech, gaming and entertainment, and also spent many years working as a mixologist. Outside of TechRadar he works in film as a screenwriter, director and producer.

Read More

Continue Reading

Tech

DisplayMate awards the “Best Smartphone Display” title to the iPhone 14 Pro Max

Published

on

By

DisplayMate awards the “Best Smartphone Display” title to the iPhone 14 Pro Max

, , , , , ,

search relation.

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

 

Read More

Continue Reading

Trending

Copyright © 2022 Xanatan