2023 was an amazing year from an application security point of view. We saw the emergence of GenAI, the growing importance of ASPM, and a series of new attacks that targeted the wider software supply chain. At Checkmarx, we also had an incredible year – from a platform launch, to a ChatGPT plug-in, to ground-breaking security research.
Let's take a look back at the highlights from the past 365 days.
Application Risk Management powered by Fusion 2.0
The biggest challenge in security today, and specifically in application security, is noise. It goes by the names "alert fatigue" or simply, "I have too many vulnerabilities – where do I start?" Development teams are overwhelmed by the number of alerts they receive and often cannot quickly tell which ones are the most critical. Enterprises already ship vulnerable code to production, so the challenge isn't fixing everything; it's fixing what matters most to the business first.
We launched Application Risk Management as an answer to exactly that. Powered by Fusion 2.0, it gives enterprises a prioritized list of vulnerabilities, so teams know where to start remediating. It also provides a risk indicator per application, so management can assess and manage the risk of each application.
Codebashing 2.0 with Security Champions
Over the last couple of years we have truly seen how valuable developers are to effective application security. One way to help drive adoption across enterprises is a security champion program that includes robust security education built specifically for developers. Codebashing 2.0 was built with developers in mind. It brings a fresh look and feel, packaged with gamification to appeal to the competitive nature of developers, and the ability to train and certify anyone in the organization as a security champion.
CheckAI
With the introduction of ChatGPT in early 2023, everyone has been talking about GenAI. Developers use it to generate code, designers use it to create new graphics, and my mother uses it to get travel recommendations. It's truly life-changing technology. As with many ground-breaking technologies, the risks are yet to be fully understood. As GenAI solutions spread rapidly through the industry, we started to see new types of attacks that exploit GenAI: everything from prompt injection to hallucinations to malicious LLMs. This is why we introduced CheckAI, the industry's first and only GPT plug-in that scans GenAI-generated code and protects against AI hallucination attacks. And we are just getting started here! Expect much more in 2024.
A new supply-chain module in Checkmarx One
Checkmarx was the first vendor to include malicious package detection as part of an SCA solution, back in 2022. Checkmarx now has the largest malicious packages database in the market, with over 8 million analyzed packages and over 250K malicious packages identified. However, the software supply chain demands attention to much more than just malicious packages. Protecting the entire software supply chain means covering everything in your development process: your CI/CD plugins and configurations, your compilers and, yes, your open source packages. As part of Checkmarx One 3.0, we introduced a new module dedicated to the wider software supply chain. Our goal is to help enterprises protect their entire software supply chain. We introduced two new engines: enterprise secrets detection (which utilizes 2MS) and repo health (which utilizes the OpenSSF Scorecard), and we will continue to add more coverage throughout 2024.
Checkmarx One 3.0
Probably the biggest launch of the year for us, Checkmarx One 3.0 marks two years of investment in our Checkmarx One platform. With close to 500 enterprise customers already using it, and over 100 billion lines of code scanned every month, it's the application security platform every enterprise needs. With over 660 new capabilities introduced in 2023 and eight solutions already on the platform, it was a remarkable release. The launch event drew over 1,500 registrants and was broadcast around the globe to our customers, prospects, partners and analysts.
Stay tuned for what's to come in 2024 and in version 4.0!