Securing your source code is an ongoing commitment for our team. We’ll never be done, but your peace of mind is well worth the extra effort and attention to detail. Today, we take yet another step in creating a holistic solution for our customers to ensure a secure home for your source code. Password code scanning and two-factor authentication are two newly implemented and highly requested features that reflect our dedication to security and data privacy.
Last year, we began offering static code analysis to detect vulnerabilities in proprietary and open source code to prevent insecurities from being deployed in customer products. Today, we are introducing a code security scanning tool that works specifically and automatically to find passwords and access keys hardcoded within source code.
According to the Sonatype DevSecOps Survey, the number of downloads of open source software with a known vulnerability doubled from 2015 to 2017. These vulnerabilities are being incorporated into live code and products, and present a real risk to businesses and their customers. By offering a code scanning security tool, Assembla is enabling customers to “Shift Security to the Left” versus the traditional and deficient approach of securing data solely at the endpoint. Even as tech giants like AWS introduce compelling security features such as “Firewall Manager” and other endpoint securing tools “up the stack”, it's just not enough. One of the most comprehensive ways to ensure secure products is to ensure secure code. Our code scanning capabilities are a key part of your line of defense.
The focus on endpoint security alone presents another, perhaps even more damaging threat: crippling fines caused by GDPR noncompliance.
As of May 25th, when GDPR commences, companies doing business in the EU must build secure software. One of the key principles of GDPR is “secure by design.” Global governments are pursuing regulation for “software liability”, meaning that if you are putting known defective parts in your software, you will be held accountable. Poor design practice will be a finable offense. In some regions, such as France, governments have introduced policy to hold enterprises liable for the life of the product on the market.
For these reasons, and for overall security best practices, the code security scanning tool will be available to all Assembla users and will be an easy step for you to protect your IP and products.
Today, weak passwords are the root of many high-profile data breaches hitting the headlines. Two-factor authentication is a security best practice that can reduce your organization's risk of data breaches due to weak or compromised credentials. Our feature uses a third-party app, like Twilio’s Authy, to get a randomly generated code for access into the Assembla app. You can enable Two-Factor Authentication here.
These security measures were implemented with ease of use and helpfulness in mind and we invite you to start taking full advantage of their benefits immediately.
Security is hardwired into our philosophy. One data breach can cripple an organization, and it’s our commitment to help customers never be in that situation. Assembla is built to be a secure place to store source code; it isn’t retrofitted to be that way. We are currently Privacy Shield, Level 3 PCI and CSA STAR certified as well as SOC 2 compliant and committed to HIPAA and GDPR compliance. With these new features we are making good on our customer commitment towards securing source code in the cloud.
Watch the webinar with a demo of these features here.