GitLab - Experts & Thought Leaders

Latest GitLab news & announcements

HackerOne appoints Nidhi Aggarwal as chief product officer

HackerOne, a pioneer in offensive security solutions, announced the appointment of Nidhi Aggarwal as Chief Product Officer (CPO) and member of the executive leadership team. Aggarwal will lead the execution of HackerOne's platform vision and product strategy, unifying the company’s product portfolio around a more integrated, AI-powered experience that seamlessly scales human security expertise through AI agents to not just find but remediate vulnerabilities.

HackerOne’s product evolution

Aggarwal’s appointment comes at a pivotal moment in HackerOne’s product evolution. Over the past few months, the company released several significant innovations, including new features with Hai, HackerOne’s AI security agent first introduced in February 2024. These new capabilities (Hai Program Insights, Benchmarks, Recommendations, and Findings) help customers prioritize and act on vulnerabilities more effectively.

HackerOne's new Hai Play

HackerOne also introduced a new Hai Play, which automatically calculates Return on Mitigation (RoM) based on an organisation’s unique vulnerability data and context. Additionally, HackerOne is expanding its platform ecosystem by adding integrations with ServiceNow, Secure Code Warrior, and GitLab, as well as enterprise-grade functionality through automations.

Prior roles of Aggarwal

A seasoned technology entrepreneur and product pioneer, Aggarwal brings over 15 years of experience driving growth and innovation at companies ranging from early-stage startups to global enterprises. She co-founded Qwiklabs, a cloud configuration platform acquired by Google, and held executive leadership positions at Tamr, an AI + human-in-the-loop master data management platform, where she led product and marketing. She also previously worked at Wellington, Hewlett-Packard Labs, VMware, and McKinsey & Company. She holds a Ph.D. in Computer Science and serves on the Board of Visitors for the Computer Science department at the University of Wisconsin-Madison, which honored her with an Early Career Achievement Award.

HackerOne’s leadership in the AI era

“Nidhi’s appointment will accelerate HackerOne’s leadership in the AI era,” said Kara Sprague, CEO of HackerOne. “She brings the strategic clarity and operational depth to drive execution of our AI-centric platform vision, deliver more customer value, and ensure that innovation remains at the heart of everything we do.”

HackerOne's next-generation platform

“HackerOne has a unique opportunity to redefine security in the AI era,” said Aggarwal. “By combining human expertise with the power of AI, we're uniquely positioned to deliver high-quality security findings with unprecedented scale and speed. Our AI-powered platform accelerates vulnerability discovery, triage, and response while equipping both security researchers and customers with intelligent tools and real-time insights. I'm excited to join this exceptional team to build a next-generation platform that enables security and development teams to find and fix vulnerabilities before adversaries can exploit them.”

Checkmarx announces Technology Partner Programme to enable the industry’s most extensible, code-to-cloud enterprise AppSec ecosystem

Checkmarx, the industry pioneer in cloud-native application security for the enterprise, announced its Checkmarx Technology Partner programme, enabling organisations to easily extend the AppSec platform with a wide range of technology partner capabilities.

Better security outcomes

The combination of best-of-breed technology partners with the enterprise AppSec platform helps organisations shift everywhere, from code to cloud, with a unified AppSec posture integrated into the software development life cycle (SDLC). Checkmarx’s Technology Partner programme helps organisations simplify management across their AppSec programmes, get more value out of existing AppSec solutions, and drive better security outcomes.

Software development lifecycle

Providing broad support for greater AppSec maturity throughout the entire SDLC, the Checkmarx Technology Partner programme enables partners and their customers to centralise and simplify discovery in these key areas through Checkmarx One:

Vulnerability and risk management systems: Aggregate, normalise, and prioritise vulnerabilities and risks with a unified, holistic view with partners like ArmorCode, Brinqa, and ServiceNow.

SDLC tools: Integrate AppSec at all stages of the software development lifecycle within the environments and tools used daily by analysts, developers, and testers with partners like GitLab, JetBrains, and Security Compass.

Cloud and runtime security: Match cloud assets at runtime with application source code projects so that vulnerabilities found in the developer source code are enriched with runtime context and runtime cloud security inventories are enriched with AppSec findings, all possible through partners like AWS, Cisco Panoptica, and Sysdig.

Emerging technologies: Work with the most innovative startups and technologies, including AI and GenAI, to shape tomorrow’s AppSec solutions landscape with partners like Mobb.ai.

AI-driven, enterprise-ready AppSec platform

“Expanding this ecosystem simplifies the process of mitigating AppSec risk for our partners’ customers, making their applications exponentially more secure during a time of escalating threats,” said Kobi Tzruya, Chief Research and Development Officer at Checkmarx. “From protecting AI-generated code to helping build trust between developers and security teams, Checkmarx One is already the AI-driven, enterprise-ready AppSec platform of choice.”

Streamlined, consolidated solutions

“Now working with other pioneering technology companies to meet the need for streamlined, consolidated solutions will make life easier and applications safer for everyone.”

Checkmarx recently announced Sysdig as its latest technology partner, bringing runtime container insights into Checkmarx One so organisations can prioritise vulnerabilities associated with container packages that are actually running and that pose the most risk.

Application security vendors

“The top application security vendors have a responsibility to team up to provide more robust and complete solutions for the world’s enterprises,” said Bryan Smoltz, VP of Technology Alliances at Sysdig. “By delivering runtime insights within Checkmarx One, customers have clear visibility into the workloads that are running in production so they can make better-informed security decisions. Together, we’re helping to bring maximum protection at cloud speed.”

Readily accessible solutions

Technology partners also benefit from the programme with new marketing and sales opportunities, and by making their solution readily accessible to Checkmarx’s more than 1,800 customers, including 60% of the Fortune 100.

The Checkmarx One platform scans more than 100 billion lines of code monthly, and its world-renowned Checkmarx Labs security research team provides ongoing threat intelligence to inform product development and to advise customers of their best defences in the current threat landscape.

Cequence announces it has enhanced the testing capabilities within its Unified API Protection Platform

Cequence Security, the provider of Unified API Protection, announces it has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing. This API Security Testing framework encourages shift-left efforts by giving security and development teams the tools to quickly uncover and remediate API vulnerabilities in pre-production environments that could otherwise lead to business disruption in production.

API traffic analysis

With API Security Testing, security and development teams can integrate continuous and automated testing of their pre-production APIs into their development and release cycle. For scenarios where no API specifications exist, security teams can leverage real-time API traffic analysis to baseline API specifications based on runtime traffic, eliminating the need to search for owners of legacy APIs or create specifications from scratch.

“Driven by the rapid rise in API exploits caused by coding errors, security and development teams are looking at ways to improve their API testing efforts without jeopardising their continuous development release cycles,” said Varun Kohli, Chief Marketing Officer at Cequence Security. He adds, “API Security Testing complements our runtime compliance capabilities that detect security risks such as business logic abuse and OWASP API Top 10 risks in production APIs. With API Security Testing, teams can apply the same compliance and security checks to their build processes to detect compliance issues earlier in the development cycle for pre-production APIs.”

Sensitive data exposure

Key capabilities of the new offering include:

Continuous integration (CI)/Continuous development (CD) and Collaboration Tools Integration: Integrates with CI/CD tools like GitLab, Azure DevOps, Jenkins and Bamboo, allowing developers to run tests against their pre-production APIs to detect and report security risks.

Visualise Results and Remediate Test Failures: Security and development teams can visualise results and drill down into details to quickly understand the compliance issues identified in pre-production APIs. Summary reports allow results to be exported and shared with API owners and development teams for quick remediation and re-execution of tests.

Comprehensive OWASP API Top 10 Risk Detection: Detects security risks including the OWASP API Top 10 and business logic risks, including the introduction of shadow APIs and sensitive data exposure. Administrators can define customised sensitive data exposure and custom risk categories for different groups of APIs based on the vertical. For example, retail customers can create policies configured to look explicitly for credit card numbers, while automotive customers can monitor and prevent exposure of vehicle identification numbers.

API Security Testing is part of the Cequence Unified API Protection solution and leverages an open, extensible architecture to seamlessly integrate into existing API protection infrastructure.