News & Press Releases

Infosec Products of the Month: October 2024

January 1, 2024

2024-01-01 00:00:00

Legit Posture Score featured in this list of new infosec products.

Leading LLMs Insecure, Highly Vulnerable to Basic Jailbreaks

May 23, 2024

2024-05-23 00:00:00

There are significant security concerns in the deployment of leading large language models (LLMs), according to a study from U.K. AI Safety Institute (AISI). The takeaway: The built-in safeguards in five LLMs released by major labs are ineffective.

Legit Security Named a “Representative Vendor” in the Gartner® Market Guide for DevOps Continuous Compliance Automation Tools

May 16, 2024

2024-05-16 00:00:00

Legit Security Named a “Representative Vendor” in the Gartner® Market Guide for DevOps Continuous Compliance Automation Tools

12 Cybersecurity Startups To Watch From RSAC 2024

May 9, 2024

2024-05-09 00:00:00

Numerous early-stage vendors—including in fast-growing areas such as cloud security and identity security—showcased at RSAC 2024 this week.

RSA Conference 2024 – Announcements Summary (Day 2)

May 8, 2024

2024-05-08 00:00:00

To help cut through the clutter, the SecurityWeek team is publishing a daily digest summarizing some of the announcements made by vendors. Here is a roundup of some of the most important new product, service and research announcements made on the second day of the event.

Most interesting products to see at RSAC 2024

May 7, 2024

2024-05-07 00:00:00

Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. Themed the Art of Possible, the 2024 RSA Conference takes place between 6 and 9 of May and will offer insights into the latest trends, how to master new skills, and more.

Legit Security Bolsters AI Supply Chain Security with Risky Model Detection

May 7, 2024

2024-05-07 00:00:00

Legit Security's new features enable companies to discover unsafe AI models in the software development pipeline for secure code.

Legit Security Releases Industry’s First Software Compliance and Attestation Trust Center

April 30, 2024

2024-04-30 00:00:00

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced extended software compliance, audit, and attestation support with the release of the industry’s first software compliance and attestation trust center.

Legit Security Releases Industry’s First Software Compliance and Attestation Trust Center

April 30, 2024

2024-04-30 00:00:00

Legit Security expands capabilities to support compliance, audit, and attestation, empowering organizations to prove software compliance faster with the most comprehensive control validation platform.

New research discovers vulnerability in an archived Apache project

April 23, 2024

2024-04-23 00:00:00

Research from Legit Security has disclosed a vulnerability in an archived Apache project. The vulnerability discovered was a dependency confusion, otherwise known as dependency hijacking or substitution attack.

New Dependency Confusion Vulnerability Discovered In Archived Apache Project

April 23, 2024

2024-04-23 00:00:00

Legit Security has disclosed that its research team has recently discovered a dependency confusion, aka dependency hijacking or substitution attack, vulnerability in an archived Apache project.

Apache Cordova App Harness Targeted in Dependency Confusion Attack

April 23, 2024

2024-04-23 00:00:00

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness.

Dependency Confusion Vulnerability Found in Apache Project

April 23, 2024

2024-04-23 00:00:00

According to new data by Legit Security, who made the discovery, the finding underscores the importance of scrutinizing third-party projects and dependencies.

Legit Security and Wiz Partner to Deliver Comprehensive Security and Visibility from Code to Cloud

April 23, 2024

2024-04-23 00:00:00

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced its partnership with Wiz, the industry's leading cloud security provider.

Legit Security Now Offered Through GuidePoint Security

April 18, 2024

2024-04-18 00:00:00

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.

Legit Security Now Offered Through GuidePoint Security

April 18, 2024

2024-04-18 00:00:00

Legit Security announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.

Legit Security Now Offered Through GuidePoint Security

April 17, 2024

2024-04-17 00:00:00

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.

MSSP Market News: Nozomi Networks, Tenable, Everfox, Microsoft

March 13, 2024

2024-03-13 00:00:00

Each business day MSSP Alert delivers a quick lineup of news, analysis and chatter from across the MSSP, MSP and cybersecurity world.

7 ways to put your code on a diet — and improve AppSec in the process

March 20, 2024

2024-03-20 00:00:00

Code bloat is at the root of many security problems. Here's how development teams can bolster application security with more efficient code.

Legit Security Launches AI-Powered, Enterprise-Grade Secrets Scanning Product

March 26, 2024

2024-03-26 00:00:00

Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

Legit Security launches enterprise secrets scanning solution

March 26, 2024

2024-03-26 00:00:00

Legit Security has unveiled its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline. An AI-powered solution that enables secrets discovery beyond source code, Legit’s offering is built to meet the needs of even the most complex development organizations.

MSSP Market News: Legit Security, Claroty, Axonius

March 26, 2024

2024-03-26 00:00:00

Each business day MSSP Alert delivers a quick lineup of news, analysis and chatter from across the MSSP, MSP and cybersecurity world.

How to Take Software to Market Fast and With Minimal Security Risks

March 26, 2024

2024-03-26 00:00:00

Software is a crucial business driver for most companies today, meaning software development needs to be lightning-fast. To maintain both speed and security, many companies now integrate automated security tests such as static analysis and software composition analysis (SCA) early in the development process, eliminating costly code fixes later on.

Why selling software to the government is like visiting a confessional booth

March 27, 2024

2024-03-27 00:00:00

Final rules have kicked-in for companies selling software to the government. They must now attest to the fact that they used secure development practices. Their reference must be the Secure Software Development Framework from the National Institute of Standards and Technology.

Legit Security Launches AI-Powered, Enterprise-Grade Secrets Scanning Product

March 26, 2024

2024-03-26 00:00:00

Legit Security, the leading application security posture management (ASPM) platform that enables secure application delivery, today announced an AI-powered solution that enables secrets discovery beyond source code, Legit’s offering is built to meet the needs of even the most complex development organizations.

Experts Say CISA's Software Attestation Form Lacks Key Parts

March 13, 2024

2024-03-13 00:00:00

The U.S. federal government's secure software development self-attestation form for manufacturers takes bold steps towards securing the supply chain but lacks key components that should be incorporated into iterative versions of the document, experts told Information Security Media Group.

MSSP Market News: Nozomi Networks, Tenable, Everfox, Microsoft

March 13, 2024

2024-03-13 00:00:00

Legit Security, an application security posture management (ASPM) platform provider, has appointed Justin Bradley as the company’s new vice president of Customer Success. Bradley spent a majority of his career at CyberArk, where he created and grew the global customer success team. He will scale Legit Security’s customer success team to bolster customer expansion, cross-selling and retention, the company said.

Legit Security Strengthens Leadership Team to Drive Customer Success

March 12, 2024

2024-03-12 00:00:00

Legit Security, the leading application security posture management (ASPM) platform that enables secure application delivery, today announced the expansion of its senior leadership team, appointing Justin Bradley as the company’s new Vice President of Customer Success.

How teams can make use of the White House report on secure and measurable software

March 7, 2024

2024-03-07 00:00:00

The White House Office of the National Cyber Director (ONCD) released a report last week on how the industry can get on a path to secure and measurable software. ONCD’s report highlights two areas that would improve software security and calls on the technical community to take steps to address them. The first starts with the use of memory-safe programming languages, the other focuses on the development of diagnostics to measure cybersecurity quality.

Roni Fuchs Co-Founds Legit Security To Protect Software Supply Chain

March 6, 2024

2024-03-06 00:00:00

Roni Fuchs grew up in Jaffa, a tough neighborhood in Tel Aviv, Israel where he learned the value of hard work, exposed to technology at an early age by his Romanian immigrant and engineer father.

Using AI to reduce false positives in secrets scanners

February 27, 2024

2024-02-27 00:00:00

As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication.

Legit Security Releases Industry’s First AI Discovery Capabilities

February 13, 2024

2024-02-13 00:00:00

Legit Security announced the availability of the cybersecurity industry’s first AI discovery capabilities today. With these new capabilities, Legit helps bridge the gap between security and development by enabling CISOs and AppSec teams to understand where and when AI code is used and take action to ensure proper security controls are in place - without slowing software delivery.

Legit Security Delivers AI-Powered Accuracy to Secrets Scanning

January 23, 2024

2024-01-23 00:00:00

Legit Security today announced expanded and AI-powered capabilities to detect and protect secrets across the software development pipeline. With secrets at the heart of enabling applications to operate, understanding where they exist – beyond hard-coded secrets and source code - and preventing secrets from leaking is paramount.

Legit Security Announces Historic 2023 Year-End

January 10, 2024

2024-01-10 00:00:00

Legit Security announced that 2023 delivered the most successful year in the company’s history, including most recently being named to the Fortune Cyber 60 list of the most important venture-backed startups.

Legit Security Secures $40 Million Series B Investment Led by CRV

September 20, 2023

2023-09-20 00:00:00

Legit Security, a cyber security company with an enterprise Application Security Posture Management (ASPM) platform, has successfully closed a $40 million venture capital round investment led by CRV with participation from existing investors Cyberstarts, Bessemer Venture Partners, and TCV.

Legit Security Announces Integration with CrowdStrike to Bring Application Security Posture Management to Customers

August 1, 2023

2023-08-01 00:00:00

Legit Security announced a partnership with CrowdStrike, a global leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data protection. With this partnership, Legit Security integrates with the CrowdStrike Falcon® platform to provide extended application security, auto-discovery, and vulnerability management. Leveraging the two solutions, customers can automatically trace cloud application vulnerabilities back to their code origin and more rapidly prioritize and remediate security issues leveraging deep application context.

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

July 18, 2023

2023-07-18 00:00:00

Legit Security announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline.

Legit Security Wins 7 Industry Awards As RSA Conference Wraps Up

May 2, 2023

2023-05-02 00:00:00

Legit Security announced that it has won seven industry awards for its innovative cybersecurity solution. The company joins a rare group of companies that are broadly and consistently recognized for their innovation and market leadership from a consensus of leading cybersecurity experts and judges.

Legit Security Extends Platform Capabilities for Code to Cloud Visibility and Security

April 19, 2023

2023-04-19 00:00:00

Legit Security today announces new code to cloud traceability and security capabilities that capture deep security issue context and business insights to drive faster remediation and security issue prioritization for enterprise security teams. These capabilities extend the company’s existing market.

Legit Security Announces New Partnership with Snyk

April 12, 2023

2023-04-12 00:00:00

Legit Security announced a partnership with Snyk, the leader in developer security. Together, Legit Security and Snyk help bridge the gap between security and development teams by scaling-up security from code to cloud through the combination of secure code and secure application delivery...

Legit Security Uncovers Remote Code Execution Vulnerability in Microsoft’s Azure Pipelines, Posing Serious Risks to Software Supply Chains

April 4, 2023

2023-04-04 00:00:00

Legit Security today announced that it has uncovered a remote code execution vulnerability in Microsoft’s Azure Pipelines. The vulnerability allows attackers to exploit Microsoft’s Azure DevOps Servers to initiate software...

Legit Security Add Supports For More Regulatory Compliance Frameworks To Strengthen Software Supply Chain Security

March 22, 2023

2023-03-22 00:00:00

Legit Security today announces support for additional regulatory compliance frameworks and standards to improve software supply chain security, including ISO 27001, SSDF, FedRAMP, SLSA, NIST, SBOM, and SOC2...

Legit Security’s Open-Source Security Tool “Legitify” Adds Support for GitLab and GitHub Enterprise Server

January 26, 2023

2023-01-26 00:00:00

Legit Security today announced that Legitify, the open-source security tool that it maintains in addition to its enterprise SaaS platform, has expanded support to include GitHub Enterprise Server and GitLab...

Legit Security Discovers “MarkdownTime”, A Vulnerability in Markdown Services Affecting GitHub, GitLab and Countless Others

January 19, 2023

2023-01-19 00:00:00

Legit Security today announced that it discovered an easy to exploit Denial-of-Service (DoS) vulnerability in Markdown libraries used by GitHub, GitLab and countless other applications using a popular...

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Rust Programming Language Vulnerable

December 8, 2022

2022-12-08 00:00:00

Legit Security today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines...

Legit Security Selected For Security Innovation Of The Year Award Shortlist

December 6, 2022

2022-12-06 00:00:00

Legit Security today announced it has been shortlisted for the “Security Innovation of the Year” Award for the 2022-2023 Cloud Awards program. Legit Security competed against companies across the US, Canada, Australia, Europe, Israel, and the UK in an international awards program...

Legit Security Named Winner of Top InfoSec Innovator Award for 2022

October 27, 2022

2022-10-27 00:00:00

Legit Security has been named a winner of the Top InfoSec Innovator Awards for 2022. Judges looked at thousands of information security companies to search for those with the most innovative solutions to some of the most challenging cybersecurity issues facing the marketplace today...

Legit Security named "Cloud Security Startup of The Year" in the Cybersecurity Breakthrough Awards

October 6, 2022

2022-10-06 00:00:00

Legit Security has been named “Cloud Security Startup of the Year” in the Cybersecurity Breakthrough 2022 Awards. The awards program aims to provide the most comprehensive evaluation of cybersecurity solutions...

Legit Security Launches Open-Source Security Product to Enforce and Scale Secure GitHub Configurations

October 5, 2022

2022-10-05 00:00:00

Legitify is a GitHub misconfiguration scanner that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way. Legitify is a cross-platform security tool that works with Windows, Mac, and Linux and...

Legit Security Announces Support For New Compliance Frameworks To Increase Software Supply Chain Security And Integrity

August 10, 2022

2022-08-10 00:00:00

In accordance with a growing number of regulations including the President's Executive Order for improving the nation's cybersecurity, the latest Legit Security platform update addresses a wide range of...

Legit Security Is Named Rising Star As Part Of Forbes’ Cloud 100 List

August 9, 2022

2022-08-09 00:00:00

Legit Security is named one of 20 Rising Stars as part of the seventh-annual Forbes 2022 Cloud 100 list. The Cloud 100 List is a definitive list of the top private cloud companies in the world, published by Forbes in partnership with Bessemer Venture Partners and Salesforce Ventures. “We are deeply honored to...

Legit Security Discovers GitHub Privilege Escalation Vulnerability and Warns Organizations To Protect Themselves From Potential Software Supply Chain Attacks

April 12, 2022

2022-04-12 00:00:00

Legit Security today announced the responsible disclosure of recently found GitHub-Actions pipeline privilege escalation vulnerabilities. These vulnerabilities...

Legit Security Announces Free Risk Assessment to Help Organizations Secure Themselves From Escalating Software Supply Chain Attacks

February 28, 2022

2022-02-28 00:00:00

Legit Security today announced a free Rapid Risk Assessment to help organizations proactively mitigate the risk of crippling software supply chain...

Legit Security Launches Out of Stealth with Series A Investment to Secure Software Supply Chains

February 10, 2022

2022-02-10 00:00:00

Legit Security announced its launch out of stealth mode with a Series A $30 million funding announcement with leading venture capital firms Bessemer Venture Partners and TCV. Prior seed funding was provided by...

Legit Security Expands Platform Capabilities for Application Security Posture Management

August 22, 2023

2023-08-22 00:00:00

Legit Security announced expanded capabilities to provide comprehensive visibility into an application's security posture, including deep contextual insights and automated detection-to-remediation workflows so enterprises can release software fast while protecting against evolving threats.

Microsoft's latest flaw hits open-source projects

January 30, 2024

2024-01-30 00:00:00

A team of security researchers has uncovered a flaw in Microsoft's code development and testing environment that could affect upward of 70,000 open-source projects, according to a report first shared with Axios.

Legit Security Applies AI to Detect Vulnerable Application Secrets

January 23, 2024

2024-01-23 00:00:00

Legit Security today announced it has expanded the scope of its application security posture management (ASPM) platform to make use of artificial intelligence (AI) to discover secrets more accurately in applications that cybercriminals can actually exploit.

First Step in Securing AI/ML Tools Is Locating Them

January 19, 2024

2024-01-19 00:00:00

Security teams need to start factoring for these tools when thinking about the software supply chain. After all, they can't protect what they don't know they have.

Fortune Cyber 60

January 10, 2024

2024-01-10 00:00:00

Ask any CEO about the biggest risks to their business, and cybersecurity is sure to be near the top of the list. Fortune teamed up with Lightspeed Venture Partners to identify the fastest-growing startups in this critical field.

Legit Security Uncovers Supply Chain Weakness in Popular Hugging Face Repository

December 7, 2023

2023-12-07 00:00:00

Over the past year, we’ve seen plenty of examples of large language models spitting out worrisome content, from encouraging users to harm themselves to providing them with instructions on how to build bombs.

Legit Discovers “AI Jacking” Vulnerability in Popular Hugging Face AI Platform

October 23, 2023

2023-10-23 00:00:00

Our research revealed how attackers could leverage Hugging Face, the popular AI development and collaboration platform, to carry out an AI supply chain attack that could impact tens of thousands of developers and researchers.

Legit Security lands $40M to lock down apps and dev environments

September 20, 2023

2023-09-20 00:00:00

Legit Security, a cybersecurity company developing a platform to identify app vulnerabilities from code, has raised $40 million in a Series B funding round led by CRV with participation from Cyberstarts, Bessemer Venture Partners and TCV.

What is Application Security Posture Management – Insights Into Gartner’s® New Report

May 15, 2023

2023-05-15 00:00:00

On May 5th, Gartner published an Innovation Insights Report that outlines the latest evolution in AppSec– Application Security Posture Management (or ASPM for short). ASPM is something that we at Legit Security have been pioneering for over a year – a revolution in the way modern application security can be done more...

Azure Pipelines vulnerability spotlights supply chain threats

May 30, 2023

2023-05-30 00:00:00

Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Researchers with Israeli startup Legit Security discovered a vulnerability in Microsoft Azure Pipelines that could let threat actors submit...

GRC Outlook - Ensuring Application Integrity and Compliance

March 1, 2023

2023-03-01 00:00:00

The world today is getting more dependent on technology all around us. Every application that businesses today rely on might have a security loophole that attackers can effectively utilize to harness confidential information, disrupt business operations, or use as a stepping stone for broader attacks.

GitHub Actions, Sha-1 Retirement, And A Self-worming Vulnerability

December 23, 2022

2022-12-23 00:00:00

It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part...

Denial of Service Vulnerability Found in Libraries used by GitHub & Others

January 17, 2023

2023-01-17 00:00:00

In a recent development, Legit Security today announced its discovery of an easy-to-exploit DoS vulnerability in markdown libraries used by GitHub, GitLab and other applications, using a popular markdown rendering service called commonmarker...

GitHub Actions Were Vulnerable to Rust Artifact Poisoning

December 12, 2022

2022-12-12 00:00:00

A new class of software supply chain vulnerability in GitHub Actions and Rust leverages artifact poisoning to attack the underlying software development pipelines. People are way too inclined to believe that just because some program, language, operating system...

Artifact Poisoning in GitHub Actions Imports Malware Into Software Pipelines

December 1, 2022

2022-12-01 00:00:00

Legit Security researchers discovered that attackers submitting changes to an open-source repository on GitHub could cause downstream software projects to compile updates with malicious code. ...

Legit Security: Redefining the Future of Software Supply Chain Security

November 28, 2022

2022-11-28 00:00:00

Most organization’s development team don’t have a fully resourced and dedicated security team, making it a challenging task to get rid of all vulnerabilities and deliver secure software. This is where Legit Security comes into the picture with a mission to secure applications at scale...

How scanning GitHub helps secure open-source software supply chains

October 3, 2022

2022-10-03 00:00:00

Legitify is an open-source GitHub configuration scanner from Legit Security that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way.

Software Supply Chain Security and the Rapidly Evolving Regulatory Landscape

September 19, 2022

2022-09-19 00:00:00

All you need to know about software supply chain security and the rapidly evolving regulatory landscape, including who is most affected...

Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects

September 14, 2022

2022-09-14 00:00:00

Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack...

In the second half of 2022, key leaders emerge across diverse industries

September 14, 2022

2022-09-14 00:00:00

Legit Security launched out of stealth in February 2022 with a cyber security solution to secure software supply chains used by organizations to build and release software applications. As cyber attacks to the software supply chain are projected to increase...

Cloud Native Computing Foundation Continues Significant Membership Growth, Highlighting Ubiquity of Cloud Native Tech

September 13, 2022

2022-09-13 00:00:00

The fact that we are still seeing so many new organizations of all sizes, industries, and geographies joining CNCF is a testament that cloud-native...

Merge Requests and Insecure GitHub Workflows May Lead to Software Supply-Chain Attacks

September 1, 2022

2022-09-01 00:00:00

Security researchers at Legit Security identified software supply chain vulnerabilities in the GitHub automated workflows used by Google Firebase and Apache Camel.

Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects

September 1, 2022

2022-09-01 00:00:00

Security vulnerabilities discovered by Legit Security in very popular open source projects from Apache and Google could be used to modify source code, steal secrets, and move laterally inside an organization.

Attack Vulnerability Announced Two Days After Google's Vulnerability Rewards Program Launch

September 1, 2022

2022-09-01 00:00:00

Just two days after Google announced the Open Source Software Vulnerability Rewards Program, Legit Security reported attack vulnerabilities in open-source projects from Google.

Legit Security Protects Against Modern Threats to Software Applications and Their Supply Chain

August 10, 2022

2022-08-10 00:00:00

Business innovation relies on speed and agility to engage customers in new ways though their software applications and digital business models. However, the hard work that businesses invest in...

Legit Security Brings a Needed Layer of Protection to the SDLC Pipeline

June 5, 2022

2022-06-05 00:00:00

Cybercrime has appeared more frequently in the news cycle over the past five years. Malicious software and attacks have only grown more sophisticated, and each new development...

Researchers Find Privilege Escalation Vulnerabilities in GitHub Repos

April 5, 2022

2022-04-05 00:00:00

Legit Security today revealed that it discovered a privilege escalation vulnerability in GitHub repositories that has since been remediated. Liav Caspi, Legit Security CTO, said the company worked with GitHub to...

Legit Security Raises 30M to Tackle Software Supply Chain Security

February 14, 2022

2022-02-14 00:00:00

A team of Israeli entrepreneurs with roots in the application security ecosystem is taking a stab at software supply chain security with big backing from Bessemer Venture Partners. The venerable venture capital firm is leading...

Legit Security Gather 30M Series A

February 10, 2022

2022-02-10 00:00:00

Legit Security, a cybersecurity company in the rapidly growing software supply chain security space, has announced $30 million from top tier investors for their Series A funding...

Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Agents

June 9, 2023

2023-06-09 00:00:00

Continuous Integration/Continuous Deployment (CI/CD) pipelines have become crucial to modern software development practices. CI/CD pipelines can significantly improve development efficiency and software quality by automating the process of building, testing, and deploying code.

GitHub Actions Insecurity: New Research From Legit Security Reveals Most GitHub Actions Susceptible to Exploit

July 16, 2024

2024-07-16 00:00:00

GitHub has quickly become an essential resource for the developer community by enabling developers to work together on development projects and see each other’s changes in real-time.

New State of GitHub Actions Security: Researchers Expose Most Workflows Risky, Insecure, Exploitable

July 16, 2024

2024-07-16 00:00:00

Legit Security has published its new State of GitHub Actions Security report, which unveils an especially concerning security posture and reveals that most workflows are insecure, overly privileged, and have risky dependencies.

Most GitHub Actions workflows are insecure in some way

July 17, 2024

2024-07-17 00:00:00

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security.

Report Surfaces Thousands of Potential Vulnerabilities in GitHub Workflows

July 16, 2024

2024-07-16 00:00:00

An analysis of 2.5 million GitHub Actions workflow files belonging to 553,000 organizations and personal users published today suggests many DevSecOps teams that use the GitHub continuous integration/continuous deliver (CI/CD) platform to build and deploy applications are relying on workflows that are often fundamentally insecure.

Security weaknesses at Git Hub could have devastating impacts: Hashtag Trending for Tuesday, July 16, 2024

July 16, 2024

2024-07-16 00:00:00

A new report from a company called Legit Security reveals alarming security vulnerabilities in GitHub Actions, a popular tool used by millions of developers and major companies worldwide. The study, titled “The State of GitHub Actions Security,” found that most GitHub Actions workflows are susceptible to exploitation.

Is GitHub Dying a Slow Death?

July 28, 2024

2024-07-28 00:00:00

The Legit Security report found that most GitHub Actions are not created by verified users, are not maintained, have vulnerabilities, and have very low-security scores.Roy Blit, Head of Research at Legit Security, spoke about the dangers that this represents for companies everywhere, in a press release.

Legit Security Launches Industry-First AI Security Command Center, Expanding Its ASPM Platform to Protect the Modern AI-Native Software Factory

August 7, 2024

2024-08-07 00:00:00

Legit’s new AI Security Command Center provides a dedicated dashboard for application security (AppSec) and product security teams to centrally monitor, triage, and enforce AI security controls throughout fragile, fast-paced development environments.

Generative AI takes center stage at Black Hat USA 2024

August 8, 2024

2024-08-08 00:00:00

Legit Security launched an AI Security Command Center, designed to provide security teams with a console for AI visibility and protection in development environments.

MSSP Market News: Fortinet Buys Next DLP

August 7, 2024

2024-08-07 00:00:00

Legit Security, an application security posture management (ASPM) provider, has launched its AI Security Command Center. This AI security dashboard provides security teams with a unified console to efficiently and proactively gain visibility to AI used in development and defend against cyberattacks exploiting AI-based applications, mitigating the use of risky AI models in development environments and application code, the company said.

10 Security Vendors Making Moves At Black Hat 2024

August 7, 2024

2024-08-07 00:00:00

ASPM (application security posture management vendor) Legit Security announced what it’s calling “the industry's first AI Security Command Center,” which offers a dedicated dashboard for AI security.

Black Hat bonanza: 1Password, ArmorCode, Legit Security and NetRise unveil new security solutions

August 7, 2024

2024-08-07 00:00:00

Also offering ASPM services, Legit Security announced AI Security Command Center. It’s a new dedicated AI security dashboard that provides security teams with a unified console to gain visibility to AI used in development and defend against cyberattacks exploiting AI-based applications.

Legit Security launches AI Security Command Center, expands ASPM platform to protect AI-native software factory

August 7, 2024

2024-08-07 00:00:00

Legit Security announced on Wednesday the launch of its AI Security Command Center. The new, dedicated AI security dashboard provides security teams with a unified console to efficiently and proactively gain visibility to AI (artificial intelligence) used in development and defend against cyberattacks exploiting AI-based applications, mitigating the use of risky AI models in development environments and application code.

At Black Hat, cybersecurity faces an AI conundrum amid a glut of defensive weapons

August 9, 2024

2024-08-09 00:00:00

Ahead of the annual Black Hat cybersecurity conference in Las Vegas, we warned that defensive tool sprawl is only likely to get worse.Onsite, the talk was about, of course, the impact of AI. So far, so good, but defenders are bracing for more sophisticated artificial intelligence-driven attacks. Meantime, lots of cybersecurity providers are doing well, if earnings and new fundings are any indication.

New Research From Legit Security and TechTarget’s Enterprise Strategy Group Shows Outdated Application Security Approaches Do Not Work With Modern Development Trends

August 16, 2024

2024-08-16 00:00:00

Comprehensive study shows an urgent need for organizations to adopt a modernized approach to their application security processes

MSSP Market News: Trustifi Debuts Data Security “One-Click” Tool

August 16, 2024

2024-08-16 00:00:00

Legit Security, an application security posture management (ASPM) provider, and TechTarget's Enterprise Strategy Group (ESG), an IT analyst, research and strategy firm, have published a new report, "Modernizing Application Security to Scale for Cloud-native Development." The report found that application teams face a number of challenges, such as keeping up with the speed and volume of releases and prioritizing remediation. These challenges highlight the importance of a modernized approach and alignment with development and DevOps teams for improved collaboration, Legit Security reports.

New Research: Current Development Trends Significantly Challenging Application Security Modernization

August 16, 2024

2024-08-16 00:00:00

Legit Security has released a report on development trends driving the modernization of AppSec programs and pressing challenges to underscore the need to modernize AppSec practices to support growth and mitigate risks.

Enterprises need to update application security practices

August 16, 2024

2024-08-16 00:00:00

The study from Legit Security and TechTarget's Enterprise Strategy Group (ESG) finds nearly all organizations reporting difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.

New Research From Legit Security and Enterprise Strategy Group Shows Outdated Application Security Approaches Do Not Work With Modern Development Trends

August 16, 2024

2024-08-16 00:00:00

Legit Security Enterprise Strategy Group (ESG) announced the publication of Modernizing Application Security to Scale for Cloud-native Development. The report delves into the development trends driving the need to modernize application security programs and evaluates pressing challenges that application security teams encounter with their current tools. The findings underscore the urgency for organizations to modernize their application security practices so that they can support growth and mitigate risks.

Publicly available GenAI development apps open to exploitation

August 28, 2024

2024-08-28 00:00:00

New research from Legit Security shows that widely available GenAI development services risk sensitive information exposure, or leakage of secrets.

Hundreds of LLM Servers Expose Corporate, Health & Other Online Data

August 28, 2024

2024-08-28 00:00:00

In a new report, Legit security researcher Naphtali Deutsch demonstrated as much by scanning the Web for two kinds of potentially vulnerable open source (OSS) AI services: vector databases — which store data for AI tools — and LLM application builders — specifically, the open source program Flowise.

Researchers ID security risks in GenAI development platforms

August 29, 2024

2024-08-29 00:00:00

Cyber firm Legit Security detailed the risks associated with using publicly accessible AI services, particularly vector databases and large language model (LLM) tools. The researchers said the v...

Multiple Vulnerabilities in AI Platforms Exposes Sensitive Data to Anyone

August 28, 2024

2024-08-28 00:00:00

The Legit Security study highlights two primary areas of concern: vector databases and LLM tools.

Why Your Foundation AI Services Are Unsafe: Expert Analysis

September 5, 2024

2024-09-05 00:00:00

Now a new study from Legit Security found that these elements are ripe with vulnerabilities, data breaches, cybersecurity risks, and exposed sensitive data.

Breach Roundup: YubiKey 5 Is Vulnerable to Cloning

September 5, 2024

2024-09-05 00:00:00

Companies integrating open-source generative AI tools are inadvertently exposing sensitive data to the public web, says a report by Legit Security. Naphtali Deutsch, a researcher at the firm, identified vulnerabilities in open-source AI services, including the Flowise platform and vector databases.

Enterprises beware, your LLM servers could be exposing sensitive data

September 2, 2024

2024-09-02 00:00:00

Legit Security recently published an investigation into security issues affecting the infrastructure underpinning many businesses’ AI applications, suggesting these systems could also be susceptible to data leakage and data poisoning.

The Software Development Trends Challenging Security Teams

September 9, 2024

2024-09-09 00:00:00

When asked to identify their top challenges for AppSec teams supporting cloud-native dev processes, "understanding developer environments and assets to effectively manage security" was one of the top three responses provided.

Legit Security Named a Leader in Frost & Sullivan's 2024 Global Application Security Posture Management (ASPM) Radar Report

October 2, 2024

2024-10-02 00:00:00

Dive deeper into the ASPM market and Legit’s place in it in Frost & Sullivan’s Frost Radar™: Global Application Security Posture Management (ASPM) 2024 report.

Legit Security Adds New, Adaptive ‘Legit Posture Score,’ Consolidating Cross-Industry Best Practices and Regulatory Frameworks to Operationalize ASPM and Benchmark Real-Time Posture Performance

October 3, 2024

2024-10-03 00:00:00

ASPM leader renders legacy and siloed application security testing (AST) scores meaningless, launching a new, universal, and fully transparent ‘Legit Posture Score’ to facilitate dynamic posture monitoring and management across the entire SDLC.

10 Cloud, Data And Identity Security Startups To Watch In 2024

October 11, 2024

2024-10-11 00:00:00

CRN names Legit one of 10 cloud, data, and identity security startups to watch in 2024

New infosec products of the week: October 4, 2024

October 4, 2024

2024-10-04 00:00:00

Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security.

Engineering leaders continue focus on TestOps – operational strategies

October 4, 2024

2024-10-04 00:00:00

Shay Elmualem, Principal Tech Lead at Legit Security, shares, “To prioritize test coverage, we first focus on the most commonly used browsers among our users—typically Chrome and Firefox.

Legit Security Adds Application Security Rating Scorecards to ASPM Platform

October 3, 2024

2024-10-03 00:00:00

Legit Security today added an ability to rate the level of software security that has been attained to its application security posture management (ASPM) platform.

Legit Security Adds New, Adaptive 'Legit Posture Score,' Consolidating Cross-Industry Best Practices and Regulatory Frameworks to Operationalize ASPM and Benchmark Real-Time Posture Performance

October 3, 2024

2024-10-03 00:00:00

Legit Security launched its new "Legit Posture Score," delivering a dynamic, comprehensive, and fully transparent ASPM rating system.

Legit Security Adds New, Adaptive ‘Legit Posture Score’

October 3, 2024

2024-10-03 00:00:00

Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today launched its new “Legit Posture Score,” delivering a dynamic, comprehensive, and fully transparent ASPM rating system.

Legit Posture Score empowers security teams to measure and manage their AppSec posture

October 3, 2024

2024-10-03 00:00:00

Legit Security launched its new “Legit Posture Score,” delivering a dynamic, comprehensive, and fully transparent ASPM rating system.

Keep your secrets secret: 5 core tips — and a call to action on modernizing

October 23, 2024

2024-10-23 00:00:00

Liav Caspi shares his best practices on managing secrets securely

OWASP's Dependency-Track tool update: Key changes — and limitations

October 22, 2024

2024-10-22 00:00:00

Joe Nicastro shares his thoughts on the new version of OWASP's dependency tracking tool.

Innovator Spotlight: Legit Security

October 25, 2024

2024-10-25 00:00:00

CDM profiles Legit's ASPM offering.

January 1, 2024

2024-01-01 00:00:00

LW ROUNDTABLE: Wrist Slap or Cultural Shift? SEC Fines Cyber Firms for Disclosure Violations

November 15, 2024

2024-11-15 00:00:00

Legit Field CTO Joe Nicastro shares his thoughts on the SEC fining firms in connection to SolarWinds breach.

Legit Security Releases Survey Report on GenAI in Software Development, Revealing Pervasive Security Challenges Despite High Rate of Adoption

November 19, 2024

2024-11-19 00:00:00

Get results of new survey.

Security Concerns Loom as GenAI Adoption Grows in DevOps

November 19, 2024

2024-11-19 00:00:00

Liav Caspi spoke with DevOps.com about the results of Legit's survey on GenAI use in software development.

Legit Security Releases Survey Report on GenAI in Software Development, Revealing Pervasive Security Challenges Despite High Rate of Adoption

November 19, 2024

2024-11-19 00:00:00

Highlights of Legit's survey on GenAI use in software development.

Use of GenAI in development raises security concerns

November 19, 2024

2024-11-19 00:00:00

BetaNews summarizes the findings of Legit's survey on GenAI use in software development.

Overreliance on GenAI to develop software compromises security

November 21, 2024

2024-11-21 00:00:00

HelpNet Security highlights Legit's recent survey on the use and security of GenAI in software development.

January 1, 2024

2024-01-01 00:00:00

Legit Security Enhances Secrets Detection & Prevention with a Single, Integrated View of All Secrets Findings and Recovery Actions Across the SDLC, Including Within Personal GitHub Repos

December 19, 2024

2024-12-19 00:00:00

Get details on Legit's latest secrets capabilities.

Legit Security Adds Ability to Scan Personal GitHub Repositories for Secrets

December 19, 2024

2024-12-19 00:00:00

DevOps.com talks to Legit co-founder Lior Barak about Legit's enhanced secrets capabilities.

Legit Security provides insights into the enterprise’s secrets posture

December 19, 2024

2024-12-19 00:00:00

HelpNet Security highlights Legit Secrets Detection & Prevention 2.0.

Legit Security Enhances Secrets Detection & Prevention with a Single, Integrated View of All Secrets Findings and Recovery Actions Across the SDLC

December 19, 2024

2024-12-19 00:00:00

The IT Nerd features Legit's new secrets capabilities.

January 1, 2024

2024-01-01 00:00:00

2025 DevSecOps Predictions

January 7, 2025

2025-01-07 00:00:00

Legit Field CTO Joe Nicastro shares his predictions for software supply chain attacks in 2025 with DevOps Digest.

January 1, 2024

2024-01-01 00:00:00

Legit Security Releases 2025 State of Application Risk Report, Revealing 100% of Organizations Have High or Critical Risks in Their Development Environments

January 23, 2025

2025-01-23 00:00:00

Security leader's new research highlights where the greatest application risks live and how organizations can prioritize their application security efforts

January 1, 2024

2024-01-01 00:00:00

New 2025 State of Application Risk Report: 100% of Organizations Have High Risks in Development Environments

January 23, 2025

2025-01-23 00:00:00

IT Nerd shares highlights from Legit's 2025 State of Application Risk report

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities

January 23, 2025

2025-01-23 00:00:00

Devops.com shares highlights of Legit's 2025 State of Application Risk report

Developers can't get a handle on application security risks

January 29, 2025

2025-01-29 00:00:00

ITPro highlights data from Legit's 2025 State of Application Risk report.

Legit Security Extends ASPM Platform Capabilities With Advanced Root Cause Remediation

January 30, 2025

2025-01-30 00:00:00

Legit is now the only ASPM platform to support root cause remediation actions

January 1, 2024

2024-01-01 00:00:00

Legit Security Brings Business Context to AppSec Issues Prioritization and Remediation

February 24, 2025

2025-02-24 00:00:00

Legit is the first ASPM platform to bolster AppSec program maturity by connecting previously disparate data points, enabling organizations to understand and fix issues creating the most business risk

Legit context turns raw data into actionable insights

February 25, 2025

2025-02-25 00:00:00

HelpNet Security highlights the benefits of Legit context.

Legit Security Extends ASPM Platform to Provide More Vulnerability Context

February 26, 2025

2025-02-26 00:00:00

Mike Vizard of DevOps.com talks to Liav Caspi about the release of Legit context.

SDLC Misconfigurations: The Overlooked Risk in Modern Software Development

March 5, 2025

2025-03-05 00:00:00

Legit Field CTO Joe Nicastro shares Legit data on SDLC misconfigurations

Legit Security enhances ASPM with risk-based vulnerability assessment

March 4, 2025

2025-03-04 00:00:00

SC Media showcases the launch of Legit context

Legit Security’s AI-Native ASPM Platform Delivers New Vulnerability Prevention Dashboard

March 26, 2025

2025-03-26 00:00:00

Legit is the only ASPM platform to deliver guardrails and controls to stop issues before a merge or software release

Legit’s prevention dashboard helps security teams proactively stop vulnerabilities

March 31, 2025

2025-03-31 00:00:00

HelpNet Security highlights Legit's vulnerability prevention dashboard

The security implications of GenAI use in software development

March 17, 2025

2025-03-17 00:00:00

Legit Field CTO Joe Nicastro explains how to use GenAI securely in software development.

Legit Security Names Yoav Stahl as Vice President of Product for AI-Native ASPM Platform

April 22, 2025

2025-04-22 00:00:00

Technology executive brings more than 25 years of experience driving product strategy and innovation

Legit Security Strengthens ASPM Platform With Broadest Set of AI Capabilities on the Market

April 29, 2025

2025-04-29 00:00:00

New AI-powered prioritization and remediation provide contextual guidance and code suggestions to swiftly fix high-risk application vulnerabilities

Legit Security Extends AI Reach of ASPM Platform

April 29, 2025

2025-04-29 00:00:00

Devops.com talks to Legit co-founder Liav Caspi about new AI capabilities of the Legit ASPM platform

RSA Conference 2025 Announcement Summary

April 30, 2025

2025-04-30 00:00:00

SecurityWeek highlights Legit's new AI capabilities

Legit leverages AI in ASPM platform to find, fix, and prevent vulnerabilities

April 30, 2025

2025-04-30 00:00:00

HelpNet Security spotlights Legit's launch of new AI capabilities

January 1, 2024

2024-01-01 00:00:00

What Does EU's Bug Database Mean for Vulnerability Tracking?

May 19, 2025

2025-05-19 00:00:00

Legit Field CTO Joe Nicastro shares his thoughts on the EUVD.

European Vulnerability Database goes live, but who benefits?

May 19, 2025

2025-05-19 00:00:00

Legit Field CTO Joe Nicastro talks to HelpNet Security about the EUVD.