“Low-level Apple employee leaks sensitive iPhone code”,
“Telsa ex-employee uploads autopilot source code to iCloud”,
“Magic Leap says ex-engineer copied code for Chinese AR headset”,
“Hackers compromise four AV firms, offer source code for sale”,
“Samsung leak exposes source code, passwords, and employee data”.
When companies with top talent and technology can’t protect their source code, it’s not just a problem, it’s a raging epidemic.
These high-profile source code attacks have dominated the headlines since 2018 and show little sign of slowing down.
Despite this decade’s explosion of cybersecurity solutions, source code security has remained a veritable blindspot in the industry. It’s compounded by a growing paradox: the value of source code is on the rise, as it houses more and more of an organization’s critical assets, while unchecked and increasingly distributed workflows in its development are widening its attack surface.
A solution to stop source code attacks in its tracks; enter Cycode
Lior and Ronen – cyber security experts and co-founders at Cycode
Over the course of our cyber careers, we’ve come to appreciate the incredible incentive to steal code. Today, source code is one of the most valuable organizational assets for a hacker to steal.
We decided enough was enough and built the industry’s first solution to close this critical security gap
Backed by YL Ventures, we are proud to announce the launch of Cycode, the first source code control, detection, and response security solution.
Why is source code so valuable?
Stolen source code is a code red risk, that can be weaponized as a means by which to attack an organization through its own systems.
As the developer of an enterprise security product, Ronen noticed how often his engineers were targeted by hackers hoping to grab proprietary code. This issue was exacerbated by how dispersed the developer team was, which made it nearly impossible to properly track or secure it.
At the same time, through my exposure to many different products as a solutions architect, I came to realize just how inadequately existing solutions addressed the widening distribution of the source code sprawl.
This sprawl is the result of the rise of remote high-level security permissions that are issued to increasingly scattered teams of internal and outsourced software developers.
Once strictly on-premise, source code repositories are today spread across open platforms to accommodate remote work culture.
While developers are reliant on this flexible type of access for efficiency and productivity, it has been an absolute nightmare for enterprise security teams who lack visibility and control over source code repository access and activity, leaving them unable to perform basic compliance and audits.
Source code vulnerability is not a departmental problem. It affects the entire organization.
Source code is only going to increase in value for enterprises down the line and its development workflows are only growing increasingly scattered.
We set out to create a solution that would empower security teams to reaffirm their distributed source code repository security posture without interfering with the necessary freedoms developers require to carry out their jobs.
To do this, we engineered Cycode’s Source Path Intelligence Engine (patented), a seamless mechanism that delivers visibility into the entirety of an organization’s source code to detect and respond to anomalies.
Now, enterprises can configure Cycode to its SCMs for frictionless deployment in a matter of minutes.
We built this solution for any organization that is reliant on its source code or that develops software.
As developers ourselves, we too have caused security executives to pull their hair out as we rid our laptops of clunky security tools to keep our machines running as efficiently as possible.
As the architects of the industry’s first source code solution, we are determined to set the industry standard for source code protection.