Cider Security emerged from stealth mode with an "application security operating system" that offers developers and security teams transparency over the software development lifecycle (SDLC) and identifies application security risks to the organization. The startup is the latest entrant in the application security space, which is becoming a top priority for enterprises as they try to find and fix software vulnerabilities before they are exploited by malicious actors.
Modern engineering are teams developing more applications across a broader portfolio at a faster pace than before, while also looking for and fixing security vulnerabilities before they can be exploited. A recent NTT Application Security report found that organizations took more than six months (193.1 days), on average to fix critical security vulnerabilities in web applications last year. To balance that grim view, Veracode's latest State of Software Security Report found that increased frequency in scanning for vulnerabilities and automating testing and deployment resulted in two-thirds reduction in the number of vulnerable libraries and a one-third reduction in the time required to fix flaws.
Cider Security's stated goal is eliminate friction between security and engineering by providing teams with a unified view of the organization's engineering ecosystem, which includes the technologies, systems and processes in use. With the capability to orchestrate and manage application security measures and controls built-in to the platform, security teams can optimize security and resilience across the entire continuous integration/continuous delivery (CI/CD) pipeline, the company says.
Security shouldn't slow down engineering, but balancing the two is a challenge for most enterprises. To improve the state of application security, Cider Security's platform identifies risks in the engineering environment and offers recommendations on how to improve the overall security posture. The company claims appsec programs can be implemented "within minutes" using the platform, "democratizing security and allowing AppSec to become a commodity, consumable by organizations from all verticals, sizes, and maturity levels."
The global application security market is estimated to reach $22.655 billion by 2026, compared to $5.11 billion in 2019, according to the latest application security forecast from ResearchAndMarkets.com.
Cider Security has raised $38 million in funding to date, which includes $6 million raised in a seed round and $32 million in Series A funding.