Amplify Security is here to fix insecure code
Today, Amplify Security is announcing it is coming out of stealth. Amplify Security was formed in February 2022 with a mission to change the way that companies secure their applications. We have been working hard on this problem for 2 years and I couldn’t be prouder of what the team has built. We are here and ready to say Hello World, and Goodbye Vulnerabilities!
Why we started Amplify Security
If you have ever been a part of an engineering team that had to consume detection results from SAST/SCA/DAST/etc., then you know these tools are notorious for having a low signal-to-noise ratio. To make matters worse, most engineering teams are paid to build products and the goal of building products is to get revenue. If your number one goal as a business is to increase revenue, then the noise from scanning tools will be a serious hit on velocity. We started Amplify to specifically help developers not have to spend time on security issues that can be solved by us. This allows developers to focus their energy on building products while Amplify saves them time on security issues.
Value of Amplify
Amplify Security takes 5 minutes or less to onboard and you instantly start seeing value. With the onboarding process being incremental in nature, it allows an engineering or security team to test Amplify, see value visually, start preventing and fixing security issues with a 1-click approach, and grow the deployment. We work in GitHub at the pull request level and on Gitlab at the merge request level. This is where developers are already working daily and Amplify brings value and suggestions to developers right in that workflow. Our top priority is always to make developers happy with the remediations we provide and be a value add in their day to day.
What is our Vision
At Amplify, our vision is that securing your product shouldn’t be a choice between decreasing developer velocity or ignoring alerts. We believe there is a path that maintains developer velocity while also reducing security risk. We see a future where developers can focus solely on shipping the best features while Amplify helps fix any security mistakes along the way.
Who will Love Amplify
There are two main persona’s that are in love with Amplify. The first being developers working at fast growing companies that are writing and shipping code at a high rate. These developers love Amplify because it removes the time/cognitive sink of remediating security issues. Most engineering teams have a few security champions, but it’s impossible to have an entire staff of security champions. Amplify can help ensure security as teams scale and grow.
The second persona who loves Amplify is the AppSec engineer on a solo or small security team. We are seeing a 100:1 developer to AppSec ratio at many companies. These AppSec engineers are spread really thin and it's difficult for them to watch every issue and help remediate vulnerabilities. They also know that if they don’t step in and assist on issues, many issues won’t have movement at all. For them, having a platform like Amplify allows them to watch and assist on all issues via Amplify. From AppSec engineers we are hearing “finally, a tool that I can deploy that developers don’t hate”.