DryRun Announces Natural Language Code Policies
Thursday, 23 January 2025
DryRun Security is introducing Natural Language Code Policies to provide AppSec teams with an automated way to build and maintain security policy rules.

DryRun Security was co-founded in 2023 by James Wickett and Ken Johnson. Having worked in the AppSec space for years, the founders shared a vision for empowering development teams to build secure software without disrupting their workflows. The company, which has just secured $8.7 million in a seed funding round, offers an automated security solution that integrates with GitHub and provides security code reviews, identification of sensitive code paths, and authorship verification.

DryRun identifies security risks and integrates suggested mitigation into developers' workflows using an approach it calls Contextual Security Analysis (CSA), which layers static context, change context and application context to make contextually aware suggestions in near real-time. This is intended to overcome the restrictions of slow security code reviews and lack of security context by streamlining the security process through fast code reviews and real-time feedback.

The new natural language code policies can be used to define a security policy in a domain-focused way to cut the overhead of custom rule writing and help teams get coverage across all of their code bases without worrying about the language or framework.

Creighton Hicks, partner at LiveOak Ventures, who led the funding round, said: "The current generation of pattern-matching tools strictly looks at the literal syntax of code. DryRun Security is built from the ground up to leverage the latest in AI technology. This not only eliminates the need to write complicated pattern-matching rules but also goes beyond the literal syntax to understand risk based on code context and behavior."
The natural language code policies feature set lets development teams define and enforce security policies using plain, conversational language, so developers can ask questions like:
Last Updated ( Thursday, 23 January 2025 )