For organizations trying to quickly develop secure code, a software-as-a-service (SaaS) platform from BoostSecurity aims to provide automated tools and checks throughout the build, test, and release phases of that process — in order to prioritize security throughout the software supply chain.
The startup emerged from stealth on Nov. 16 with $12 million in seed funding, led by Sorenson Capital.
In addition to addressing risks ranging from misconfigurations and insider threats to compromised dependencies, BoostSecurity's platform will also help security and engineering teams identify and fix security issues with automated tools, according to a statement released by the new enterprise.
The company's approach is different than what has been available before, BoostSecurity's CEO Zaid Al Hamami tells Dark Reading. Specifically, automated testing and continuous integration (CI) were once available only to companies that could afford to hire quality assurance teams to conduct manual testing.
"In the future, I believe that building secure software will be as pervasive as automated testing and CI is today," Al Hamami predicts. "That will happen when it becomes just as easy to use, and where the benefits to development teams become just as obvious."
With headline-grabbing software supply chain cyberattacks becoming all too common, including the infamous SolarWinds compromise, shifting left to make security checks part of the entire software development cycle has become an increasing priority. BoostSecurity sees itself as offering automated DevSecOps tools to help.
"Even with the increased awareness and the exploding industry around developer security, we believe that we are still in the early innings of a major transformation," Vidya Raman, partner at Sorenson Venture and lead investor in BoostSecurity, said in a statement about the company. "The world now knows how to ship high quality code, rapidly. The next challenge is continuing to do both, but much more securely."