Meet Jeff Williams, CTO and Co-Founder at Software Security Company: Contrast Security

Many businesses turned to digital transformation and the development of new applications and enhancement of existing ones to sustain business during the pandemic and to lay the groundwork to propel themselves out of the pandemic. But as organizations ramped up their development efforts, many found themselves without the right application security strategy and were hamstrung with legacy application security approaches.

The Contrast Application Security Platform transforms application security into an enabler of digital transformation by instrumenting security from within the software with results that include 17x faster mean time to remediate, 10x faster scans, up to 95% fewer false positives, and dramatically lower application risk. With 77% of CEOs saying the pandemic accelerated their digital transformation plans, outcomes provided by the Contrast platform, including time to market, risk, and efficiency, are differentiated competitive advantages.

The Contrast Application Security Platform provides a comprehensive view and control of risk across the software development life cycle (SDLC) and offers the ability to apply security policy to an application, team, business unit, or enterprise. The Contrast platform includes:
 

  • Contrast Assess: Provides continuous vulnerability assessment that integrates seamlessly with existing SDLC processes.
  • Contrast OSS: Delivers automated software composition analysis (SCA) by detecting security and compliance vulnerabilities in third-party libraries and frameworks.
  • Contrast Protect: Observes code behavior in running applications and intelligently blocks threats with runtime protection and observability.
  • Contrast Scan: Revolutionizes code scanning with pipeline-native static application security testing (SAST) with the speed, accuracy, and integrations to work seamlessly without disrupting your software delivery.

 
 
Contrast Security Launches Next Generation Open Source Software Security  Platform for DevOps
 

What is the drive behind Contrast Security and what role do you play in this?

 
 Developers are measured on the amount of code they write and the speed at which they release it. When it comes to security, legacy application security approaches leave them at the behest of application security experts who must run the scans, triage the results, and pass true vulnerabilities onto them for remediation. This consumes valuable time and slows development cycles.

Modern DevSecOps requires a full set of capabilities across the entire SDLC. This integrated set of application security tools provides organizations with the right tool for each type of security analysis and defense. Contrast Scan shifts security left into development and enables organizations to demonstrate compliance with industry standards and corporate policies. Contrast Assess and OSS are the right tools during testing for both custom and open-source library code, whereas Contrast Protect shifts security right into production with runtime protection and observability. All of these are critical elements of an application security strategy and share TeamServer, the common user interface for the Application Security Platform that delivers an integrated, real-time dashboard versus snapshot PDF reports that are the norm in typical application security “tool soup” environments.

 Since our founding in 2014, Contrast Security has been focused on modernizing application security. Our goal is to unify security and development teams with one DevSecOps platform across the entire SDLC that increases accuracy, improves developer productivity, and scales for comprehensive software coverage. Benefits of the Contrast Security Platform include:

Scale AppSec. Legacy approaches to application security and compliance require too many tools, expertise, and cost to meet the velocity demands of today’s digital business. In response, organizations need to deploy a fully distributed and scalable application security platform, like the Contrast Application Security Platform, across an entire portfolio with hundreds or thousands of applications. With the Contrast platform, organizations can avoid wasting valuable time and resources on manual workflows and processes while scaling to secure unlimited applications and API connections.

Unleash DevOps. Legacy approaches for application security create security roadblocks in development release cycles and require specialized security expertise to manage. In response, organizations need an application security approach that simplifies vulnerability and attack management by automating security and natively integrating application security into the SDLC. With security instrumentation that embeds security within the software, time-consuming and unnecessary security scans, noisy false positives, and the requirements for specialized security staff are eliminated.

Eliminate noise. Security and development teams are experiencing security alert overload due to time spent remediating noncritical vulnerabilities and attacks while missing true risks. Contrast addresses this problem directly measuring how software behaves, observing critical security events that help to prioritize remediation. Continuous observability of application security provides accurate insights in application runtime that eliminates false positives and associated alert fatigue.
 

 

What advice would you give to other aspiring business leaders?

 
The key to winning most markets is to be the best at delivering great software fast. To do this, you’ll need a different approach to application security that operates from the inside out. Traditional outside-in security approaches cannot scale to meet the demands of modern software development and will kill your velocity. Unable to keep up with scans and prioritize vulnerability remediation, security debt and risk accumulates. With 39% of data breaches in the past year tied to application vulnerabilities, the importance of application security cannot be understated. Knowing how to prioritize vulnerability remediation and empowering developers to do so within the CI/CD pipeline and within their IDE tools is critical.

Effective management of security debt translates directly into lower risk. Over time, as Contrast customers reduce the number of vulnerabilities—with particular attention paid to those categorized as serious—in their applications, they are able to reduce their risk by 1.7x. With nearly all organizations admitting to three successful application exploits in the past year and over three-quarters of them pegging the cost of each over $1 million, the business case has never been clearer.
 

What is Contrast Security working on and what can we hope to see in the future?

 
Rather than trying to assemble a “tool soup” of legacy tools, Contrast has combined the best, modern application security technologies into a single platform.  In addition to our revolutionary IAST, OSS, and RASP products, we just released Contrast Scan that uses pipeline-native security scanning that transforms static application security testing (SAST) by enabling application security teams to analyze code and detect vulnerabilities early on in the SDLC. Key outcomes include 10x faster scans, great integrations, and 30% improved efficiency. At the same time, Contrast Scan enables organizations to meet strict compliance requirements—everything from industry standards to corporate security policies.

Contrast Scan enables enterprises to realize the promises of digital transformation by unleashing DevOps while scaling application security to the demands of modern SDLC. Our premise is that organizations should not be forced to choose between speed and security. Contrast Scan, which integrates seamlessly into the Contrast Application Security Platform, achieves this objective and offers a path to DevSecOps that allows organizations to secure any application from anywhere. In doing so, the Contrast platform delivers continuous security that natively integrates into all stages of the SDLC.