Press Relase / News Release Distribution Service [@Press]

Top > Press Release List > 「Security (for businesses)」Press Release
Note: This page is a machine translation of the Japanese original and is provided for reference only.
In the event of any discrepancy between this page and the original, the original shall prevail. Click here for the original text.

LAC supports vulnerability countermeasures from the early stages of application development Security Vulnerability Advisory Service by Snyk to Support Vulnerability Countermeasures Security Vulnerability Advisory Service by Snyk Security Vulnerability Advisory Service by Snyk

~Snyk is used to achieve secure and rapid development~.

株式会社ラック

LAC Corporation (Headquarters: Chiyoda-ku, Tokyo; President and CEO: Itsuro Nishimoto; "Lack") will start offering "Security Vulnerability Advisory Service by Snyk" on August 27, 2024, to help customers strengthen security measures in their application development process by leveraging its accumulated knowledge and experience. Security Vulnerability Advisory Service by Snyk" will be available from August 27, 2024.


Security Vulnerability Advisory Service by Snyk

https://www.lac.co.jp/consulting/snyk.html



In recent years, application development has been shifting from traditional waterfall development to development methods that repeat releases in short cycles, such as agile development. Therefore, Static Application Security Testing (SAST), which finds application vulnerabilities without executing code, is based on a shift-left approach that emphasizes security from the early stages of the development process, Software Composition Analysis (SCA), which examines software components, and Dynamic Application Security Testing (DAST), which identifies vulnerabilities while the application is running. (SCA) and Dynamic Application Security Testing (DAST) to identify vulnerabilities during application execution.


Lack has been providing consulting services on the effective use of such tools and advice on improvements to related organizational rules and regulations. As part of this service, we now offer "Security Vulnerability Advisory Service by Snyk" for customers who use Snyk in the development process. This service provides support for the formulation of diagnostic rules and countermeasure standards, and advises on the risk assessment of vulnerabilities detected by Snyk in the development process and the priority order to deal with them. Through this service, we support security measures of customers who promote shift-left in security.



Composition of the Service

This service consists of the following two solutions


(1) Organizational rule formulation and diagnosis target selection solution

In order to implement high-priority countermeasures against vulnerabilities, the service formulates diagnostic rules and countermeasure criteria based on the organization's security policy and regulations, and effectively selects targets for diagnostics. Customers can efficiently conduct diagnostics and prioritize the vulnerabilities detected and addressed.


Support Contents

Establishment of diagnosis rules based on corporate security policies and regulations

Analysis of systems to be diagnosed and prioritization of applications to be selected.

Assistance in formulating countermeasure criteria (countermeasure priority, deadline guidelines, etc.) for detected vulnerabilities, and reporting of the organized results.

Formulation of rules for better use of Snyk within the organization


(2) Third-party assessment solution

Support the use of Snyk Code (SAST) and Snyk Open Source (SCA) in order to proceed with countermeasures against detected vulnerabilities while incorporating the opinions of experts.


Support Contents

Third-party evaluation of the response policy created by the client for the detected vulnerabilities

Prioritization of response policies

Prioritization of response policies.



About Snyk

https://snyk.io/jp/

Snyk is a developer-first security platform. Snyk is a developer-first security platform that not only finds vulnerabilities in code, open source and its dependencies, containers and Infrastructure as Code (IaC), but also prioritizes and fixes them. Snyk is currently used by more than 3,000 customers worldwide, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.



●About LAC Corporation

https://www.lac.co.jp/

Lack provides services to solve a variety of social and business challenges with its extensive experience in cyber security and system integration and the latest technologies. Since its inception, the company has been involved in the development of infrastructure systems that support Japanese society, including financial and manufacturing industries. In recent years, it has also been involved in the latest IT services suited to the DX era, such as AI, cloud computing, and teleworking. Since launching Japan's first information security service in 1995, we have been at the forefront of the latest cyber-attack countermeasures and incident response, including JSOC, one of the largest security monitoring centers in Japan, Cyber Emergency Center, vulnerability assessment, penetration testing, and IoT security. LAC is a leading company in the information security field.



LAC and LAC are registered trademarks or trademarks of LAC Corporation in Japan and other countries.

All other company names, organization names, product names, etc. mentioned herein are registered trademarks or trademarks of their respective companies.

All information is current at the time of publication and is subject to change without notice. Information is subject to change without notice.

Logo Image

Category:
Services
Genres:
Security (for businesses) Other IT/Internet (for businesses) General Business