Aviva Zacks of Safety Detectives recently interviewed Moshe Zioni, VP of security research at Apiiro. She asked him how his company is leading the way in software development lifecycle security.
Safety Detectives: Can you tell me what you like about cybersecurity?
Moshe Zioni: Cybersecurity for me is always relevant and so interesting. When considering the internet and its arena, it lets us as actors explore and offers new ways to communicate and interchange knowledge. For me, security within that is the most fascinating element. It’s intrinsic to learning how things work, and how things can be broken. And by that same token, how can we fix them?
SD: Tell me about your company’s services.
MZ: Apiiro is a startup based in Tel Aviv. The setup itself started around two and a half years ago from our two founders. Its sole purpose is to build a single solution that contributes to supply chain and SDLC (software development lifecycle security) by contextually mapping and orchestrating different findings, vulnerabilities, and mapping software into a multi-contextual view.
The classic way of looking at software was and still is very one-dimensional. Our vision is to have it in a multi-dimensional risk matrix. We are providing a solution right now as a single point of contact and single pane of glass, to view your risk, observe it, discover your application assets, and of course, remediate and then measure the remediation and progress as we go.
SD: Who uses your services?
MZ: Our customer base is any company that is involved in software development, which makes up pretty much 100% of corporations right now, including startups, of course, that have their own development team or teams and need this level of security.
I would say almost 100% because maybe the negligible .01% will be those that are farmers or anyone that is not developing software practically. But today, every bank, every big pharma, and any kind of corporation has its own development teams, as well. So, you don’t have to be in high tech or any kind of software development per se, you always have software development in-house, because that’s the way we automate the world around us.
SD: What makes your company unique?
MZ: The model contextual view that I’ve just mentioned is very unique by itself. But to dig deeper into this statement, I would say that we have invested a lot of time and effort into researching the knowledge needed to understand developer behavior, in order to understand software development with behavior.
This means we look at the evolution of how software is being developed, what is risky, what is not risky, and what types of behaviors and incidents make more sense to follow. One of the major problems many organizations face right now is that they have alert fatigue over all of those findings and vulnerabilities being found or maybe even unknown within their software. Many don’t even know how to start the application security program in their corporations and development teams.