Cipher Wall

Cipher Wall is a product security consulting company specializing in all aspects of product security, including building and maintaining controls. It is powered by world-class staff who, over their careers, have helped top-tier companies secure their products.

What we built…

Because Cipher Wall provides control deployment services rather than consultation only, there has been a need to build many security integrations. One example is a full end-to-end vulnerability remediation cycle that integrates vulnerability sources with vulnerability management systems and with developer sprints, where vulnerabilities appear as tickets for triage. The integration is bidirectional to support updates both ways, and it includes many reports showing burndown charts, SLA violations and so on.

For any security team, knowing what to do with vulnerabilities once they are discovered can become an extremely time-consuming process. This process faces many challenges which, if not addressed properly, lead to completely losing track of the vulnerabilities and eventually to expanded risk exposure for the whole organization. Examples of those challenges are:

  • High number of vulnerability sources. A vulnerability source is basically a scan engine: some scan code, some scan laptops, some scan cloud infrastructure, etc.
  • Developers neither want nor need to learn and log in to new systems to check their vulnerabilities.
  • Companies need to see burndown charts of their vulnerabilities being closed.
  • Companies need to measure violations of their SLAs.
  • Developers need to see the vulnerabilities in their existing ticketing systems (Jira, GitHub Issues, etc.).
  • Team leads need an easy way to identify security vulnerabilities in their backlog so they can include them in sprints.
  • Companies need a way to mark a vulnerability as a false positive. When that happens, it should be closed automatically all the way up in the vulnerability sources and be reflected in the reports as well.
  • And many more…

Working closely with Cipher Wall, we had tremendous success in identifying the use case requirements, which led to the design and implementation of that system.

As always, each project we deliver for our clients comes with added, free-of-charge architectural and security oversight.

For more technical details on this project, please refer to our blog posts.