CHICAGO — Trust is a critical part of the creation, distribution and consumption of software. As systems become more complex and modular, this becomes increasingly challenging.
Teams have to ensure they have the right processes in place in order to ensure the packages, libraries and services they use in the code they ship meet a certain security standard.
“What used to seem like a very simple thing of me shipping your software and you deploy has now turned into this very lengthy process,” said Ian Riopel, chief customer officer at Slim.ai, when he spoke to Alex Williams, publisher of The New Stack, for this episode of TNS Demos.
This now “lengthy process” has two main outcomes: either it slows the pace of software delivery and disrupts developer workflows, or it means shipping software that doesn’t meet security standards; that could have disastrous, even significant legal consequences for organizations.
Slim.ai addresses this challenge by offering its users what it calls “a shared workspace for coordinating vulnerability fixes with your software vendors.”
In this demo recorded at KubeCon + CloudNativeCon North America, Riopel told Williams that one of the key benefits of Slim.ai is its ability to enable continuous monitoring.
“We think today that, in general, everyone focuses on going through an individual audit, and then I get through that audit, and I’m good,” Riopel said.
He added, “The reality is, that’s not really how security is supposed to work, we want to actually have a better idea of what our risk state is at all times.”
Rank, Remediate, Resolve
The tool follows the principle of “three Rs,” Riopel said: rank, remediate, resolve. Rank is about establishing “a common baseline,” ensuring that the data that everyone is looking at — whether they’re a vendor, or customer — is the same.
“What we’re trying to do is be intelligent and take in all that data, normalizing it, and then being able to add additional context such as, Are those vulnerabilities reachable? Do they have known exploits associated with them? Are there fixes available?”
Then comes remediation, where more detailed context helps users prioritize and plan the actions they need to take. Slim.ai leverages AI here, which allows it to analyze existing data to provide greater specificity around given vulnerabilities.
The value of the tool spans multiple roles, Riopel suggested. On the one hand, it can ensure a greater level of trust across the value chain — from vendors to end users. For those responsible for facilitating those relationships, that’s a huge win that can take significant pressure off their shoulders.
For developers, Riopel said, Slim.ai can free them to spend more time building features. “What we hear from our customers is, on average, they spend 30 to 40% of their sprint time just doing fixes rather than working on new feature functionality that their customer base ultimately wants, and what the developers actually want to work on.”
To see Slim.ai in action, watch the full demo. If you’d like to try it out for yourself, you can sign up for the beta platform to explore its range of features.
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don’t miss an episode. Subscribe to our YouTube
channel to stream all our podcasts, interviews, demos, and more.
Wanda Parisien is a computing expert who navigates the vast landscape of hardware and software. With a focus on computer technology, software development, and industry trends, Wanda delivers informative content, tutorials, and analyses to keep readers updated on the latest in the world of computing.
