Relying primarily on blame & shame to drive security efforts is bad.
Providing private feedback to developers is better.
Empowering developers to fix security issues early and effectively is awesome.
Recognizing developers who fix security issues that already exist in production, is W00T W00T!
Since the inception of AppSec, the developer-security relationship has been strained. Developer’s often feel as though they’re getting reprimanded by security who they view as getting in the way of development velocity and pushing features.
Security on the other hand has a job to do and despite the best intentions of their “shift left” initiatives and tools, what ends up getting shifted left is risks that require development effort to mitigate. In other words, security tools provide an output of the stick, but not the carrot, which can motivate developers better.
Arnica has built the git version bringing fresh cookies to a coworker who helped you out! Whenever a code risk existing in your production environment has a fix in a feature branch, Arnica will recognize the fix and the developer who pushed the change. When a pull request is opened, the do-good developer will get a shoutout as a comment in the pull request in a celebratory view, so that peer developers will appreciate it as well.
Most security products find risks and even show the risks to a developer. Arnica not only makes the fix as easy as possible by sharing the most important context like detailed vulnerability information, deterministic or AI-based recommendation, and who is best suited to help fix an issue... but Arnica might be the only product to present and celebrate the fix among peer developers!
Application security is a serious business. But it’s important to have a little fun along the way and it is especially important to celebrate the developers who are ensuring the security and resilience of the products they are building. Since deploying w00t w00t for early adopters, we have seen an increase in production risks mitigated. As one developer shared with us, “I just want to see every variation of the w00t w00t!”
Go to your Policies in Arnica, and give your developers a w00t w00t:
Enterprises today are faced with the need to harden their DevOps ecosystem to combat the proliferation of Software Supply Chain Attacks. These organizations are faced with the growing challenge of balancing development velocity, cost efficiency, and security.
Managing excessive developer permissions and identifying corresponding anomalous behavior are two obstacles in the way of establishing this equilibrium. Arnica was established to solve these obstacles by providing a seamless and frictionless active mitigation platform for exactly these issues and more. Arnica is the easy button for DevOps security.
Arnica analyzes excessive permissions, code risks and misconfigurations across the developer toolset and mitigates them.
press@arnica.io
