Rein Security Emerges to Analyze Reachability of Application Vulnerabilities
Fresh off raising $8 million in seed funding, Rein Security CEO Matan Bar Efrat said DevSecOps teams can now gain that visibility by adding a single line of code to an application in a way that adds less than one millisecond of performance overhead.
The overall goal is to eliminate the guesswork that today results in application developers wasting massive amounts of time investigating vulnerabilities that are not actually present in the code running in a production environment, said Bar Efrat.
Rather than relying solely on scanning tools run as code is being developed, Rein Security adds an ability to assess the threat risk of any newly discovered vulnerability in a production environment, he added.
The issue is only going to become more problematic as tools that rely on large language models (LLMs) to generate code inadvertently embed more vulnerabilities that, given the volume of code being managed, are now more likely than ever to find their way into production environments, noted Bar Efrat.

Unfortunately, adoption of best DevSecOps practices remains uneven.
A recent Futurum Group survey finds well over a third of respondents expect their organization to increase spending on software security testing (39%) and application programming interface (API) security (36%) over the next 12 to 18 months. Overall, about 35% said they also plan to make some type of investment in application security, the survey finds.
As the number of vulnerabilities being discovered continues to increase, the amount of time application developers are now devoting to researching whether they actually affect the code running in a production environment has steadily increased. Most organizations would, of course, prefer that time to be allocated to writing new code versus investigating vulnerabilities, many of which turn out to not be especially significant.
The issue is that the number of vulnerabilities that are likely to become significant is also expected to increase in the age of AI. Researchers are now using AI to discover more vulnerabilities, and cybercriminals are similarly using AI to create exploits for those vulnerabilities faster than ever.
Ultimately, that acceleration of cyberattacks aimed specifically at applications will require organizations to revisit their existing DevSecOps workflows. The challenge is that for every one member of a DevSecOps team, there might be tens of developers generating vulnerable code. Without some ability to automate the development and deployment of patches to remediate vulnerabilities, it’s apparent that DevSecOps teams will be overwhelmed.
The challenge, naturally, then becomes making sure the proverbial cure isn’t actually worse than the disease by finding ways to also automate the testing of patches before they are applied. Otherwise, faster patching might also inadvertently lead to more applications being taken offline because one dependency or another in the code broke.
Hopefully, there will come a time when DevSecOps workflows are autonomously managed by AI agents, but in the meantime, there is no substitute for continuous vigilance.
Original article: https://devops.com/rein-security-emerges-to-analyze-reachability-of-application-vulnerabilities/
