DryRun Security has introduced a new security analysis tool designed to tackle the gap between developers and security professionals. Founded by James Wickett and Ken Johnson, the company aims to provide a solution to the problem that has been progressively worsening over the last two decades wherein software security has become misaligned with the way developers work. With a mission to make security an integral part of the software development process, the company’s tool will help developers identify and fix potential security bugs while they work on their code sections.
The founders of the company identified three fundamental gaps that present a challenge to application security teams. The first is testing for security issues after deployment, which often leads to wasted developer and security team cycles. The second gap, false-positives, is caused by the flawed identification of many of the bugs. The third gap sees application security teams lacking an accurate picture of the code reviews that require their expertise, given the sheer number of daily and weekly code updates, often leading to inaccurate and delayed security testing.
DryRun Security’s tool is designed to bring context to security testing, running testing and security analysis at the point where developers work. The tool performs Contextual Security Analysis, which builds the security context of the code and gives developers feedback in real-time as they write new code. This will help developers to identify and resolve potential security bugs at the point of coding, before they become bigger problems that are expensive to fix.
“The disconnect between engineers and security testers is due to a lack of security context making it back to developers,” said Wickett, CEO and Co-Founder of DryRun Security. “DryRun Security was created to address this fundamental disconnect under the assumption that developers truly care about the security of the products they are building. With that assumption, we believe that security should be an integral part of the software development process. That’s why it’s our mission to provide engineers with a tool that makes it easy to identify and fix potential security bugs while the developer is working on that section of code.”
According to Ken Johnson, CTO and Co-Founder of DryRun Security, providing developers with the ability to integrate contextual security analysis into their development workflow is key to making better decisions and creating more secure applications. A unique feature of DryRun Security is the proprietary approach it has developed by training over 10,000 developers on security testing and code reviews. This approach bridges the gaps of mainstream security testing approaches and allows developers and security teams to fix potential bugs before deployment.
The company is currently running a private beta for its product and is accepting sign-ups to the list. For more information about the DryRun Security tool and the company’s mission to provide a solution to the gap between developers and security professionals, please visit their website.