Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With over 50,000 in attendance, AWS re:Invent 2023 had generative AI taking center stage at keynotes, race cars, and robots wowing at the Expo. Once again, Snyk showed up in a big way. Some of our highlights included being awarded the AWS ISV Partner of the Year in EMEA and UKI, achieving AWS Security Competency, and several new integrations with AWS services. Best of all, we got to meet all of you!

The pace of software development is astounding! The transition to agile, DevOps, cloud, and the supercharged use of AI is empowering distributed development teams to build software with greater speed and autonomy. In contrast to the remarkable strides in development methodologies, maintaining a robust security posture has become a formidable challenge. AppSec teams are still playing catchup, both outnumbered and out-resourced.

Snyk AppRisk provides AppSec teams with the comprehensive application security posture management (ASPM) workbench they need to govern and scale their security programs as well as minimize risk arising from applications.

Open source software has become an integral part of modern application development, enabling developers to accelerate their projects by leveraging pre-existing libraries and frameworks. Open source offers numerous benefits, yet it's not without its challenges. A significant hurdle is ensuring that dependencies remain up-to-date. In our latest blog post, we delve into the complexities associated with updating open source components.

Building trust with customers often starts by demonstrating the right security controls. In the digital age, data security is paramount, and adherence to standards like ISO/IEC 27001, PCI DSS, and SOC 2 has become a key differentiator in the competitive market landscape.

We are thrilled to announce that Snyk has been acknowledged as a key player in the evolving landscape of application security. The recent release of Snowflake's Next Generation of Cybersecurity Applications report has designated Snyk as an Emerging Segment Leader in Application Security, highlighting our commitment to innovation and excellence in the field.

On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in FortiSIEM report server.

This week’s data breaches contained significant impact figures from around the world. Malware on a vendor’s computer inadvertently breached Japan’s Line Messenger. New York’s East River Medical Imaging suffered the loss of employee and patient record information. The Pan-American Life Insurance Group faces a 105k record data breach through MOVEit.