DryRun Security have emerged from stealth with the mission to fix the disconnect between security and developers, with the premise being that all developers fundamentally care about security.
The company, founded by technology veterans James Wickett and Ken Johnson, is creating a new security analysis tool to find potential bugs sooner than any other security solution on the market while being better aligned to how developers actually work.
Co-founders James Wickett and Ken Johnson created DryRun Security after observing that in the past 20 years software security has become misaligned with the way developers build. The arc of the industry has created silos where legacy security solutions have been geared towards security professionals rather than those who write the software.
This leads to three significant gaps. The first is testing for security issues after it’s been deployed leads to wasted developer and security team cycles when problems are discovered.
The second is many of the bugs being identified are not even relevant, resulting in false-positives. Finally, the third is application security teams lack an accurate picture of which code reviews require their expertise.
This is further exacerbated by the sheer velocity and number of daily and weekly code updates. All of these problems lead to inaccurate, delayed, and often incorrectly prioritised security testing and ultimately, an overall less-secure codebase.
DryRun Security believes it fixes the disconnect between security and developers by performing Contextual Security Analysis which runs where developers work.
As a developer writes code, they dry-run security testing and analysis and get results back in near real time, which is where the name “DryRun” comes from. This type of testing builds the security context of the code and provides feedback to developers whenever they make changes or write new code.
“The disconnect between engineers and security testers is due to a lack of security context making it back to developers” said James Wickett, CEO and Co-Founder of DryRun Security. “DryRun Security was created to address this fundamental disconnect under the assumption that developers truly care about the security of the products they are building.
“With that assumption, we believe that security should be an integral part of the software development process. That’s why it’s our mission to provide engineers with a tool that makes it easy to identify and fix potential security bugs while the developer is working on that section of code.”
“At DryRun Security, we understand that once a developer can see the security context of their changes, they can make better decisions and create more secure applications,” said Ken Johnson, Co-Founder and CTO of DryRun Security. “This is different from the way that testing has been happening over the past two decades which has made fixing bugs inefficient, driving up costs and creating unnecessary hurdles for developers and security professionals.”
“I experienced these headaches firsthand, which is why I started DryRun Security with James. Our belief is that the solution we provide will give developers the ability to integrate contextual security analysis into their development workflow and fix issues before they become bigger problems.”
DryRun Security is currently running a private beta for their product and they are accepting signups to the list.