""Smart people are burning out sifting through backlogs of unprioritized, low-value vulnerabilities, while the real critical pathways go unprotected," says Shlomie Liberow, founder and CEO of Aisy (and formerly head of hacker research and development at HackerOne). He doesn't see this changing for mid-tier and larger companies - partly because of the security industry itself. Each vulnerability tool competes with other vulnerability tools, and each one avoids the possibility of a competitor finding more issues than it does itself."
""In the world of bug bounty," he explains, with the authority of seven years at HackerOne, "it's not about 'I went onto a website, and I found a particular route, and now suddenly I'm leaking privileged information'. It's more 'I found this peculiar behavior, and I also saw something else odd nearby, and I can put the two together'." That's the real bug (chaining vulnerabilities), but it's not always evident in a simple list of tickets unearthed by security products."
Aisy launched with $2.3 million in seed funding from Osney Capital, Flying Fish Ventures, 6 Degrees Capital, and angel investors. The platform helps security teams manage, prioritize, and reduce overwhelming volumes of vulnerability alert tickets that cause burnout and leave critical pathways unprotected. Aisy analyzes systems from the outside, adopting an attacker viewpoint to surface effectual vulnerabilities and chains that are not apparent in raw ticket lists. The approach uses bug-bounty-style pattern recognition to connect seemingly minor anomalies into exploit paths, enabling teams to remediate high-impact issues first and improve security efficiency.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]