Veracode CEO Sam King on Joining AppSec, Container SecurityKing Shares Why Software Smarts Trumps Infrastructure Expertise in Cloud Containers
The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security. Containers now face a host of vulnerabilities introduced through other software, misconfiguration and poorly managed secrets, such as Amazon Web Services credentials in Dockerfiles.
Veracode has been focusing on application security since it was founded in 2006. Veracode CEO Sam King says that application security heritage helps the company identify open-source code and known vulnerabilities in containers and fix them, while infrastructure security companies struggle to spot container software issues.
That's a differentiator for the company's new tool - providing insight into what's in the container as well as the vulnerabilities being inherited and running in production environments (see: Synopsys, Checkmarx Top Gartner MQ for App Security Testing).
"For us, everything is driven from software out, because ultimately it's about making what is in the container secure," King says. "A number of other providers that have come at this from a core outside of software security are potentially looking at it more outside in, maybe how the container is running in the runtime environment. But we are focused more on what the container contains."
In this video interview with Information Security Media Group, King also discusses:
- What the Synopsys-WhiteHat deal has meant for Veracode;
- Veracode's investments in the SCA and SBOMB markets;
- Issues for clients looking to secure their software supply chain.
King is a founding member of Veracode and has played a significant role in the company's growth trajectory over the past 16 years, helping to mature it from a small startup to a company with a more than $2.5 billion valuation. Under her leadership, Veracode has been recognized with several industry distinctions, including a nine-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave, and a Gartner Peer Insights Customer Choice for Application Security. Prior to Veracode, King held leadership positions in cybersecurity and technology companies including Verisign and Razorfish. She currently sits on the board of Progress Software and ZeroFox.