Legit Security Adds Support For More Regulatory Compliance Frameworks To Strengthen Software Supply Chain Security

TEL AVIV, Israel, March 22, 2023 (GLOBE NEWSWIRE) — Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announces support for additional regulatory compliance frameworks and standards to improve software supply chain security, including ISO 27001, SSDF, FedRAMP, SLSA, NIST, SBOM and SOC2. The Legit Security platform secures software supply chains by automatically discovering security issues, remediating threats, and ensuring the compliance of every software release. With support for these broad regulatory frameworks and standards, the company provides organizations with industry-leading capabilities to align their security guardrails to compliance requirements and deliver continuous insights into their state of compliance, including drift detection and real-time alerts when security guardrails are violated.

Following the high-profile cyber-attacks on SolarWinds, Codecov, Kaseya, Log4Shell, and many others, concerted efforts have been made by governments, industry leaders, and the software security community to regulate software supply chain security and ultimately software itself. The result is a rapidly evolving landscape of regulations and standards intended to keep the software development community thriving amid new threats.

Compliance with key frameworks and standards, including ISO 27001, SSDF, FedRAMP, SLSA, NIST, SBOM and SOC2, is essential to improve security and is increasingly required by software customers. The Legit Security platform helps organizations ensure automated governance, compliance, and integrity of their software releases in support of these frameworks. The platform's ability to auto-discover and analyze software pipelines, tools, and security controls from code-to-cloud secures and governs applications in a single platform, and leverages risk scoring, security gap analysis, and remediation to streamline audits and ensure application release integrity.

"Enterprises are seeking solutions to improve the efficiency and effectiveness of their application security programs, often while needing to comply with one or more regulatory frameworks at the same time," said Liav Caspi, CTO and co-founder of Legit Security. "By supporting these top frameworks and standards in our platform, we're making the path to initial compliance much easier for our customers, and then helping them stay compliant with automated tools and reporting that lowers the cost of compliance while simultaneously improving the security of their software supply chains and application delivery."

The Legit Security platform supports the following frameworks and standards:

  • ISO 27001 is a standard specifying requirements for information security management systems, helping organizations protect their information assets.
  • SSDF (Secure Software Development Framework) is a set of secure software development practices based on best practices from organizations such as BSA, OWASP, and SAFECode.
  • FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government program that provides a standardized approach to security assessments, authorization, and continuous monitoring for cloud products and services.
  • The NIST (National Institute of Standards and Technology) cybersecurity framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risks and protect their networks and data.
  • SLSA (Supply Chain Levels for Software Artifacts) is a framework developed by Google that helps software producers and consumers achieve defined levels of software supply chain security.
  • SOC2 (Service Organization Control 2) is a widely recognized auditing standard for service providers, demonstrating their ability to securely manage customer data.
  • SBOM (Software Bill of Materials) is a nested description of software artifact components, persistent references, metadata and other auxiliary information such as licensing information presented in one of several standardized formats.

In support of these frameworks and standards, Legit Security provides automated tooling and reporting to streamline compliance and audits while enabling organizations to effectively secure their software supply chains and mitigate the risk of cyberattacks.

For more information, please visit the Legit Security website or read the company's whitepaper for details on the rapidly evolving regulatory landscape for software supply chain security.

Legit Security

Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.


GLOBENEWSWIRE (Distribution ID 8793190)