  • CodeEye Solutions Unveils New VP of Product Security; Achieves Vendor of Record for the Province of Ontario

    Toronto, Ontario, Canada – March 26, 2024. Application and information security solutions company, CodeEye Solutions, today announced a significant milestone in their evolution, appointing Ronald Iraheta as VP of Product Security. In this role, Iraheta will leverage two decades of product development and application security experience to help fast-growing organizations streamline their application security efforts, minimize risk, and focus on delivering secure, resilient, and high-quality software solutions.

    Prior to joining CodeEye, Iraheta played a pivotal role in the success of the Priceline Partner Network, where he led the development of groundbreaking application security solutions that transformed the industry landscape. He played a leadership role at two of the most recognizable brands in the travel/hospitality industry worldwide, spearheading the Application Security programs.

    As VP of Product Security, Iraheta will oversee the technical direction of CodeEye’s Next-Gen Application Security Posture Management Solution (ASPM), IRIS. He will lead technology strategy, product development, and technical operations. Iraheta’s visionary leadership and strategic mindset will be instrumental in shaping the technology roadmap for IRIS and positioning CodeEye at the forefront of the Application Security Posture Management (ASPM) market.

    “We are taking a different path from the current vendors in this space. I see a tremendous opportunity to fill those gaps with a complete solution from code development to production application security threat detection and remediation, not just for the enterprise, but for SMB clients as well,” said Iraheta.

    “I am ecstatic to have Ronald join our team. As companies struggle with managing point solutions, complex licensing, and application threat visibility, our team has architected a platform that provides real-time, AI-powered threat detection, correlation, and remediation throughout the application/product lifecycle,” said Rob Howes, CEO of CodeEye Solutions. “Our view on application security is going to change how organizations centralize, detect, prioritize, and remediate vulnerabilities seamlessly across all stacks,” said Howes.

    Vendor of Record Award

    CodeEye Solutions has recently earned the designation of Vendor of Record by the Ministry of Government and Consumer Services for IT Security Products and Services. The Vendor of Record (VOR) arrangement was established through an open, highly competitive evaluation of IT security products and related services, including, but not limited to, implementation, maintenance, and support services. A VOR is essential for all Ontario Public Service (OPS) ministries and agencies covered by the OPS Procurement Directive.

    CodeEye was successfully approved as a vendor in the following categories:

      • Static Application Security Testing
      • Dynamic Application Security Testing

    Working with an Ontario VOR solution, like IRIS by CodeEye, comes with many benefits, including compliance with procurement directives and time and cost savings throughout the procurement process. This acknowledgment underscores IRIS's exceptional standards in empowering organizations to streamline application security efforts, minimize risks, and focus on delivering secure, resilient, and high-quality software solutions.

    About CodeEye Solutions

    CodeEye Solutions is a leading Canadian provider of cutting-edge Application Security Audit / Offensive Testing and Application Posture Management Services, empowering organizations to safeguard their digital assets against evolving cyber threats. With a comprehensive suite of solutions, including IRIS, an all-in-one Managed Application Security Platform focused on maturing the needs of the SMB Market, we offer unparalleled protection for high-growth businesses with limited security resources and tireless development teams. Our expertise is application security, from the foundation to the product, coupled with expert guidance and support, to ensure that our clients can detect and mitigate security risks, improve code quality, foster collaboration between teams, and ensure compliance with regulatory requirements. For more information on CodeEye please visit www.codeeyesolutions.com.

  • IRIS API

    The IRIS API Service is now available to all customers. The IRIS API service provides better visibility and will integrate the IRIS platform into the software development life cycle. The API provides the results of each scan, and these results can be consumed by internal services. The service will facilitate integration with third-party tools such as Jira or Slack, or with a build system to block or hold a deployment.

    IRIS API service documentation is also available. In the documentation, developers can find all the necessary information about how the API works and what data is available through it.

    Customers can perform functions including:

      • Accessing vulnerability data
      • Scanning releases under projects/applications
      • Receiving remediation advice
      • Viewing account, user, and team information

    Please contact CodeEye Solutions for a live demo.

  • CodeEye Solutions announces unveiling of IRIS Code Risk Management Platform

    TORONTO, Nov. 30, 2022 – CodeEye Solutions, the IR, offensive/defensive security-led services company, unveiled its IRIS Code Risk Management Platform today. The new platform helps organizations build safe and secure applications, provides the tools for secure code compliance, and highlights business risk.

    As organizations adopt digital transformation to create new, competitive solutions for customers, ensuring that development teams can integrate the right security controls in an automated fashion means more secure products and better code, and gives executive teams the ability to measure risk within product development.

    IRIS can be deployed as a DevSecOps code-scanning operational tool integrated into the development process, or as a SecDevOps compliance/audit tool with weekly or monthly scanning capabilities, so that security teams can ensure policies are enforced, risks are identified, and auditors can report on compliance. What separates IRIS from the market is our focus on business context, risk visibility, operational readiness, and compliance.

    With the launch of CodeEye Solutions’ IRIS platform, organizations can now take advantage of managed, on-demand, or annual subscription application scanning services. The platform covers Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), third-party library scans, Forensic Code Scanning, an Executive Risk Management Module, and much more. IRIS also integrates with many existing CI/CD tools and source controls (such as GitHub) and has its own API.

    “Many of our customers are asking us how they justify spending or measuring risk in development and if their teams are improving in secure development. Beyond the technical features that set IRIS apart, this is what our product does. We help clients understand risks wherever their code is and if their developers are increasing or decreasing that risk,” said Rob Howes, CEO of CodeEye Solutions.

    “Clients that have the compliance requirement but lack the resources or knowledge can also take advantage of our managed SecDevOps expertise,” said Howes.

    CodeEye Solutions is the only vendor in the secure code space that provides a managed practice for clients to take full advantage of. CodeEye anticipates that market demand for managed code compliance will increase as budgets tighten for the next fiscal year and as internal security teams maintain focus on traditional security operations. Contact CodeEye Solutions today to discuss your next application project or compliance requirements.

    About CodeEye Solutions:

    Additional Services:

      • Application Threat Modeling
      • Manual Source Code Review
      • Pipeline Audits and Tool Selection
      • Secure Code Developer Training
      • Application Security Architecture Design or Review
      • Security Audits / Gap Assessments
      • Incident Response / Planning
      • Application Migrations Security Audit
      • Penetration Testing

    Media Contact: [email protected]
    CEO – Rob Howes: [email protected]

  • NIST CSF 2.0: A New Era in Cybersecurity and the Implications on Application Security

    On February 26, 2024, the National Institute of Standards and Technology (NIST) released an update to the Cybersecurity Framework (CSF), introducing several changes, including implications for security by design and secure SDLC.

    Application security has become increasingly important in recent years due to the rise in cyber-attacks and data breaches. Governments in both Canada and the US have recognized the need for increased scrutiny over application integrity and have introduced regulations and guidelines to ensure the security of sensitive data. In the US, the National Institute of Standards and Technology (NIST) released an update to the Cybersecurity Framework (CSF) in 2024, introducing several changes, including implications for security by design and secure SDLC.

    One of the most significant changes in NIST CSF 2.0 is the introduction of the Platform Security category under the “Protect” function. This category specifically references secure software development, stating that “Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle.”

    CodeEye launched IRIS in 2019 with the ability to consolidate code security into one platform. Since then, IRIS has evolved into a Next Gen ASPM Solution.

    What is IRIS ASPM?

    From code to production, IRIS detects, correlates, provides risk-based analysis, and prioritizes application security findings for easier interpretation and remediation – all within one platform.

    IRIS has a built-in Risk and Compliance Module that provides ongoing performance and risk monitoring of the product development program, addressing the requirements of PR.PS-06 of NIST CSF 2.0. This means that organizations can use IRIS to ensure that their secure software development practices are integrated and monitored throughout the software development life cycle.

    IRIS’s Risk and Compliance module supports the implementation and improvement of the NIST Cybersecurity Framework (CSF) 2.0 across the software development lifecycle. It provides a comprehensive view of the usage and findings of different scanning modules that correspond to the five core functions of the CSF: Identify, Protect, Detect, Respond, and Recover. It helps stakeholders monitor and compare the performance, risk, and health of the software projects and teams, and supports data-driven decision-making and risk mitigation efforts.

    The R&M Dashboard of IRIS aligns with the CSF 2.0 requirements across all 5 functions:

      • Identify: The dashboard helps identify the assets, systems, and data that are involved in the software development process, and the potential risks and vulnerabilities that may affect them. By visualizing the number of issues found, analysis executed, and findings detected in different project stages (e.g., coding, QA, Production, Docker virtualization), the dashboard provides insights into the overall risk level at each stage.
      • Protect: The dashboard helps protect the software assets, systems, and data by enabling the use of different scanning modules that can detect and prevent security breaches, such as static code analysis, dynamic code analysis, penetration testing, and vulnerability scanning. The dashboard allows a comparative analysis of the level of usage and effectiveness of each scanning module. This helps identify which modules are being utilized most effectively and which ones may need improvement.
      • Detect: The dashboard helps detect the occurrence of cybersecurity events by tracking issues detected and analyses executed by each development team. This helps identify potential weak points in teams’ security practices and make informed decisions based on the results. The dashboard also facilitates the timely discovery and reporting of security incidents by providing alerts and notifications.
      • Respond: The dashboard helps respond to cybersecurity incidents by providing actionable information and guidance on how to address and resolve the issues. The dashboard facilitates risk mitigation efforts by identifying areas where security vulnerabilities are most prevalent, allowing teams to prioritize and address critical issues. The dashboard also supports communication and coordination among stakeholders and teams during the incident response process.
      • Recover: The dashboard helps recover from cybersecurity incidents by monitoring and comparing the results over time and assessing the impact and effectiveness of the remediation actions. The dashboard helps assess the overall health and security posture of the software development projects and identifies areas for improvement and lessons learned.

    With NIST CSF 2.0 bringing a renewed focus on secure software development, CodeEye’s Risk IRIS Next Gen ASPM provides a solution for organizations to efficiently meet the requirements of the new framework. For more information on CodeEye’s Risk and Compliance Module, contact us for a demo.

    About CodeEye Solutions

    CodeEye Solutions is a leading Canadian provider of cutting-edge Application Security Audit / Offensive Testing and Application Posture Management Services, empowering organizations to safeguard their digital assets against evolving cyber threats. With a comprehensive suite of solutions, including IRIS, an all-in-one Managed Application Security Platform focused on maturing the needs of the SMB Market, we offer unparalleled protection for high-growth businesses with limited security resources and tireless development teams. CodeEye Solutions is the Ontario Government Vendor of Record for IT Security Products and Services. Our expertise is application security, from the foundation to the product, coupled with expert guidance and support, to ensure that our clients can detect and mitigate security risks, improve code quality, foster collaboration between teams, and ensure compliance with regulatory requirements. For more information on CodeEye please visit www.codeeyesolutions.com.
