Company:
Date Published:
Author: Wayne Crissman
Word count: 998
Language: English
Hacker News points: None

Summary

The Snyk Security Research team is standardizing its code-to-cloud security rule set on the Common Configuration Scoring System (CCSS) to eliminate burdensome proprietary severity scoring for AppSec teams and to provide a clear security assessment of configurations across the Software Development Life Cycle (SDLC). The update aims to give developers and security teams a better way to assess, prioritize, and triage security issues, fostering a more secure and efficient development lifecycle. By applying CCSS standards, Snyk can provide customers with accurate risk scoring for their infrastructure as code and cloud configurations based on technical severity, threat intelligence, and application and business context. Using industry-standard frameworks like CVSS and CCSS enables consistent scoring and comparison across vendors, reducing the burden of translation and providing a common language for everyone involved.