The ArmorCode Journey: Partnering with Customers to Secure the Future

Milestones like ArmorCode’s recent Series B funding invite both excitement about the future and an opportunity to reflect on the journey to this point. In this blog, I’ll trace ArmorCode’s evolution; from our origins to recent releases and planned innovation.

Looking back, a consistent thread emerges for ArmorCode: Customer Obsession. And this is one of the biggest reasons I joined the team. From our inception, ArmorCode has obsessively focused on solving customers’ software security challenges with practical solutions. What started as a mission to democratize application security has evolved into a unified platform to manage software security across applications, infrastructure, and the software supply chain with a holistic and risk-based approach. Looking ahead, this unification opens up synergies for Artificial Intelligence and Machine Learning to assist, accelerate, and automate security processes with ArmorCode as the hub of an intelligent software security ecosystem.

‍

How it all started: Solve the Biggest Challenge in the Simplest Way

Software security has been following a predictable path. Looking back three decades, there was little awareness of software security risks and vulnerabilities with nascent scanning capabilities. We didn’t know what we didn’t know. Then scanning and testing tools matured, and organizations became conscious of vulnerabilities and risk. However, these tools were complex to configure, generated many ‘false positives’ and noise, and organizations struggled to do anything about it. This is where things got stuck.

Finding vulnerabilities is not the same as fixing them, and fixing vulnerabilities is not the same as managing the business risk. Security testing simply illuminated the accumulation of technical security debt but did little to help teams manage the associated business risk effectively. ArmorCode was founded because this was a clear and present problem. Organizations needed to distill massive quantities of security findings into clear risk-based priorities. They were struggling to unify visibility across tools, correlate results, and assess risk in a predictable and quantifiable way to manage, measure, and report on security posture efficiently and effectively. In short, they needed to create clarity out of complexity.

Solving this problem required a different approach. The community was not asking for another testing tool. They already had enough scanning tools. Instead, they needed a solution that could work with any security scanner and seamlessly integrate into any software development process and ecosystem. This was the foundation of the ArmorCode platform. We created a tool-agnostic platform focused on the biggest challenges the community faced: unifying visibility and automating remediation workflows - built on top of a risk-based approach to software security posture management.

‍

How we got here: Customers are ArmorCode’s One True North

ArmorCode emerged as a pioneering Application Security Posture Management (ASPM) solution helping define a set of capabilities to unify application security testing data, facilitate risk-based prioritization, and automate remediation workflows. However, it quickly became evident the community needed to manage risk beyond application security. With the lines between application and infrastructure blurring and supply chain attacks mounting, customers challenged us to help them manage software risk holistically. We responded to this challenge by creating a unified platform that brings together ASPM, Risk-Based Vulnerability Management (RBVM), and Software Supply Chain Security.
‍

Today, ArmorCode boasts one of the broadest software security integration ecosystems with connectors to over 200 security and software development tools (with more added every week). ArmorCode integrations range across application security, vulnerability management, cloud security, threat intelligence sources, ticketing systems, development tools, and more. Every one of these integrations originated from customer requests.

In addition to expanding coverage and capabilities, customers constantly elevate our understanding of large and complex organizations with hundreds to thousands of developers. Customers are essential partners in developing and delivering mature enterprise-ready capabilities like robust risk scoring, comprehensive reporting across complex organizational structures, managing the posture across the product lifecycle, and advanced no-code automation. We look forward to accelerating and enhancing our capability to respond to customer needs and challenges with innovative solutions. Through it all, customers will always provide ArmorCode’s One True North.

‍

Where we're going: Manage Software Security Holistically and Intelligently

Following the thread of customer obsession, Software Supply Chain Security has emerged as a clear target for threat actors and a priority for security teams. Organizations are also trying to navigate the safe and responsible use of Artificial Intelligence (AI) to provide security teams with much-needed relief to manage software security at scale. And ArmorCode is expanding the platform to further meet these needs.

Software Supply Chain Security

The Software Supply Chain is now a top attack vector with vulnerabilities leading to far-reaching consequences. Many organizations struggle to diagnose whether they are vulnerable, prioritize based on business risk, and efficiently connect vulnerabilities with assets and owners to remediate. Addressing these challenges requires a holistic approach that combines Software Bill of Materials (SBOM) ingestion and management with thorough risk assessments and CI/CD posture management. ArmorCode will continue to enhance our platform to help customers address these challenges providing unified visibility across the software supply chain and software development ecosystem to diagnose, prioritize, and respond to supply chain vulnerabilities faster.

Leveraging AI to Assist, Accelerate, and Automate Software Security

As a software security hub that has ingested over 4 Billion findings to date across multiple source tools and organizations, ArmorCode is uniquely positioned to develop AI and Machine Learning solutions that deliver real value to security and development teams. We currently leverage our intelligent data graph to correlate scan data, findings, threat intelligence, and business impact to provide adaptive risk scoring and prioritization. The advent of generative AI creates intriguing possibilities for a closed-loop autonomous software security system where vulnerabilities are detected and remediated automatically. While we work towards this vision, our focus is firmly on practical and meaningful applications of AI. We are most excited about optimizing processes and the possibilities of choreographing collaboration across AI-enabled systems and security experts to minimize friction, reduce security workloads, and scale the impact of human expertise. These innovations will make it possible to tackle the software security challenges of today and tomorrow, and we look forward to sharing more soon.

Continuing to Innovate with Our Customers

This week marks a key milestone for ArmorCode and a springboard to further extend our leadership in unified software security management and accelerate the delivery of novel intelligent capabilities. As we look to the future, I want to thank our exceptional team and – most importantly – our customers. Your trust and partnership have guided us here, and I could not be more excited about continuing to innovate and grow together. For those who are new to ArmorCode and looking to mature and scale your software security program, I invite you to join us. It is going to be an exciting journey, and we are just getting started.