
Demo: Rapid Vulnerability Remediation with Slim.ai

In this demo, Slim.ai's Ian Riopel shows how the platform, now in beta, offers users a shared workspace for coordinating vulnerability fixes with software vendors.
Jan 12th, 2024 10:00am

CHICAGO — Trust is a critical part of the creation, distribution and consumption of software. As systems become more complex and modular, this becomes increasingly challenging.

Teams need the right processes in place to ensure that the packages, libraries and services they use in the code they ship meet a certain security standard.

“What used to seem like a very simple thing of me shipping your software and you deploy has now turned into this very lengthy process,” said Ian Riopel, chief customer officer at Slim.ai, when he spoke to Alex Williams, publisher of The New Stack, for this episode of TNS Demos.

This now “lengthy process” has two main outcomes: either it slows the pace of software delivery and disrupts developer workflows, or it means shipping software that doesn’t meet security standards, which could have disastrous, even significant legal, consequences for organizations.

Slim.ai addresses this challenge by offering its users what it calls “a shared workspace for coordinating vulnerability fixes with your software vendors.”

In this demo recorded at KubeCon + CloudNativeCon North America, Riopel told Williams that one of the key benefits of Slim.ai is its ability to enable continuous monitoring.

“We think today that, in general, everyone focuses on going through an individual audit, and then I get through that audit, and I’m good,” Riopel said.

He added, “The reality is, that’s not really how security is supposed to work, we want to actually have a better idea of what our risk state is at all times.”

Rank, Remediate, Resolve

The tool follows the principle of “three Rs,” Riopel said: rank, remediate, resolve. Rank is about establishing “a common baseline,” ensuring that the data that everyone is looking at — whether they’re a vendor, or customer — is the same.

“What we’re trying to do is be intelligent and take in all that data, normalizing it, and then being able to add additional context such as, Are those vulnerabilities reachable? Do they have known exploits associated with them? Are there fixes available?”

Then comes remediation, where more detailed context helps users prioritize and plan the actions they need to take. Slim.ai leverages AI here, which allows it to analyze existing data to provide greater specificity around given vulnerabilities.

The value of the tool spans multiple roles, Riopel suggested. On the one hand, it can ensure a greater level of trust across the value chain — from vendors to end users. For those responsible for facilitating those relationships, that’s a huge win that can take significant pressure off their shoulders.

For developers, Riopel said, Slim.ai can free them to spend more time building features. “What we hear from our customers is, on average, they spend 30 to 40% of their sprint time just doing fixes rather than working on new feature functionality that their customer base ultimately wants, and what the developers actually want to work on.”

To see Slim.ai in action, watch the full demo. If you’d like to try it out for yourself, you can sign up for the beta platform to explore its range of features.

TNS owner Insight Partners is an investor in: Resolve, Slim.ai.