Security Compass: Making Software Secure

Rohit Sethi, COO

Built in or bolted on? In any given scenario, ‘bolted on’ should not be the first choice, and yet for software security, ‘bolted on’ is certainly the norm. In the light of newer paradigms being adopted in the organizational infrastructure, networks and software are increasingly becoming vulnerable to calamitous cyber attacks. In such a scenario, security needs to be the top most priority for organizations, especially when it comes to software development. Transforming this belief into reality is Security Compass. “We really want people to walk away with understanding that we are the company, which is focused on making software secure,” says Rohit Sethi, the COO of Security Compass. Headquartered in Toronto, Canada, Security Compass is a software security company specializing in solving root application security problems for Fortune 500 companies. While the company set sail as a consultancy firm offering wide range of penetration testing services, it today brings an intuitive Application Security Requirements and Threat Management (ASRTM) platform—SD Elements to the table. The platform assists organizations in eliminating security vulnerabilities in mission-critical applications, minimizing organizational risk, and seamlessly complying with regulatory and compliance standards. Security Compass also still offers a variety of advisory services, as well as an eLearning platform for providing security training to development teams.

Security Compass—an IBM partner, raises the bar for application security in software development through their flagship platform, SD Elements. Organizations can unify application security with business goals to build better, more secure software through SD Elements.

Conquering security risks together will help achieve the organization’s mission without compromising usability

Uniquely positioned to help organizations seamlessly to introduce security requirements early in the software development lifecycle, the platform eliminates security vulnerabilities in the most cost effective way, before scanning begins. The platform takes a five-step approach which involves answering a short questionnaire about setup and compliance, automating risk analysis and customization, linking them to test cases, delivering through development tools and building security, and at last verifying requirements. SD elements tackles the threats by generating comprehensive threat profiles for which detailed counter-measures are compiled for corresponding application and then automated throughout the Software Development Life Cycle (SDLC).

Available in three different versions—Express, Professional, and Enterprise, the platform is suitable for a wide variety of development teams, and offers new enterprise-level integration and customization capability. SD Elements fits into the existing development process and synchronizes security and other non-functional requirements with Application Lifecycle Management tools. IBM’s Rational CLM is one among the ALM tools which support SD Elements. SD Elements also integrates with popular security scanning tools such as IBM AppScan. Security Compass, as an IBM partner delivers end-to-end solutions to address the security issues of clients.

What adds to the company’s competency in the software security landscape is their training content and their consultancy support that enables them to assist the clients, right from the initiation of their security process to ensure the application is secure. “We offer high-level, strategic advice across a variety of areas to help an organization in improving its overall security posture,” adds Sethi. Security Compass has partnered with IBM and consequently, the training and security requirements of Security Compass are a part of IBM’s end to end solution software. Security Compass also works with Vantage Point in the Asia Pacific region.

Talking about the future of Security Compass, Sethi mentions that the company is planning to expand geographically and also planning to venture into healthcare, medical device manufacturing, and energy utility, along with oil and gas sectors. The company anticipates a strategic expansion into newer and broader markets to accomplish its prime vision—to become a one-stop-shop for organizations to produce and deploy a secure application.

Security Compass News

Security Compass Announces Acquisition of Kontra from ThriveDX, Expanding its Application Security Training Offerings

TORONTOSecurity Compass, The Security by Design Company, today announces the acquisition of application security training software provider Kontra from ThriveDX, the global leader in cyber training and talent development. The acquisition marks a pivotal step forward in Security Compass's ongoing mission to empower businesses with application security solutions centered on a Security by Design approach.

“The acquisition of Kontra marks a significant milestone in our journey towards creating a world where we can trust technology. Kontra's unique approach to Application Security Training, combined with our existing solutions, greatly enhances our ability to deliver comprehensive and engaging application security training. This acquisition is aligned with our focus on relevant application security training for developers. It enriches our portfolio of just-in-time, contextual training, and our Secure Software Practitioner suites, co-branded with ISC2.” said Rohit Sethi, CEO of Security Compass.

Gyan Chawdhary, founder of Kontra, also expressed his enthusiasm for this new chapter for the product. "When I started Kontra, it was about developing a new way for developers to learn about application security," said Chawdhary. "Joining forces with Security Compass accelerates our vision, combining our interactive training expertise with their global reach, marquee customers and application security solutions. It's a perfect synergy for advancing developer cybersecurity education."

“We're excited to embark on this promising partnership with Security Compass,” stated Dan Vigdor, Co-CEO, Co-Founder and Executive Chairman of ThriveDX. “With the innovative Kontra product now under their umbrella, we believe Security Compass will play a pivotal role in bringing it to broader audiences.”

This acquisition strengthens Security Compass's ongoing commitment to providing top-tier cybersecurity training solutions. Kontra, known for hands-on training labs and a best in class developer experience, complements Security Compass's existing offerings, including Application Security Training, SD Elements and Just-In-Time Training. Customers of both Security Compass and Kontra can look forward to an expanded suite of training options tailored to a diverse range of learning preferences and needs.