Contrast Security Joins CNCF

May 20, 2021

Contrast Security has joined the Cloud Native Computing Foundation (CNCF) and Linux Foundation as a silver member. The foundation brings together the world's top developers, end-users, and vendors to enable cloud native architectures and open source technologies. CNCF serves as the vendor-neutral home for many of the fastest-growing open source projects, including Kubernetes, Prometheus, and Envoy. In becoming a member, Contrast aims to support and educate the industry on the increasing risks and benefits of cloud native architectures and open source software through active participation in the foundation's events, projects, and community.

Adoption of third-party open source software (OSS) has increased significantly over the past several years. OSS refers to application components (e.g., frameworks and libraries) within the public domain that developers can use, modify, and share to help augment proprietary code developed in-house and to accelerate time to market. As a result, OSS has gained wide adoption and is used by a vast number of enterprises, including major corporations such as Walmart, JPMorgan Chase, and even Microsoft. At the same time, Contrast continues to empower organizations to leverage OSS safely without the risks it brings: vulnerabilities inherited by enterprises' software, targeted attacks against open source code, and intellectual property licensing risks.

Cloud native applications also offer various benefits to organizations over traditional applications running in the cloud. The value of cloud native approaches typically falls into two different areas: greater business agility and faster development cycles. As organizations seek to tap the advantages of cloud native, the adoption of cloud native components is rapidly growing. Forrester, for example, predicts that just a year from now, 30% of developers will regularly use cloud containers and 25% will use serverless computing. These numbers will likely only increase as the marketplace continues to rapidly evolve and enterprises frequently need to make high-impact changes to applications on a very short timeline. However, in order to realize the full benefits of cloud native applications, organizations must ensure they have the right security technology and processes in place.

"We are proud to announce that Contrast has joined as a member of the CNCF and Linux Foundation to help drive industry change," said Surag Patel, Chief Strategy Officer at Contrast Security. "Many of the core foundations of this community to accelerate digital transformation, such as APIs, Kubernetes, serverless functions, Cloud Native architecture, and open source code, bring along with them exponentially increasing risk. Contrast was founded to enable enterprises to leverage all of these modern approaches while eliminating the risk they bring without slowing down digital transformation. We will bring a unique understanding of the market along with a differentiated capability around security observability that we believe will benefit the community."

Contrast's CNCF membership follows the recent publication of its 2021 State of Open-source Security Report, which revealed that 38% of third-party libraries found in applications are active and only 31% of classes in active libraries are invoked. Traditional software composition analysis (SCA) approaches attempt to analyze all of the open source code contained in applications, which translates into a huge expenditure of time and resources chasing vulnerabilities that pose no risk at all. Yet, for third-party code that is invoked, risk is inherent: the average library is 2.6 years old, and applications contain an average of 34 CVEs.

The report also discovered that many applications contain high-risk licensing issues that may require the applications in question to be released as open source (e.g., 35% contain at least one copyleft license). CNCF members will benefit from these and other types of data insights that are possible as a result of the inside-out application security approach of the Contrast Application Security Platform.

"It is a pleasure to welcome Contrast as a CNCF member," said Priyanka Sharma, General Manager at CNCF. "Cloud native patterns require integrated security practices and a paradigm shift to protect applications closer to dynamic workloads from the traditional perimeter-based security approach. We look forward to Contrast's contributions and run-time security expertise to help shape the future of cloud native security and secure open source software."

Contrast already supports a variety of CNCF projects including Buildpacks with automated configuration of Contrast's security instrumentation technology into every workload image. Every workload is paired with application security insights, instilling security confidence at scale in highly distributed environments. As a CNCF member, Contrast will continue to collaborate with peers on best practices, work directly with project maintainers, and provide feedback to CNCF.
