According to one recent study, software supply chain attacks increased a shocking 650% in 2021, web app attacks grew 800% compared to 2019, and the Cybersecurity Workforce Estimate and Cybersecurity Workforce Gap suggest the global cybersecurity workforce needs to grow 65% to defend organizations' critical assets effectively.
"When you consider the incredibly insufficient number of security experts worldwide (roughly 3.5 million) compared to the vast number of developers on GitHub (83 million), it's clear the industry needs to focus on building integrated security solutions for developers," said otto-js Co-founder & CEO Maggie Louie.
GitHub code scanning, part of its Advanced Security offering, runs security checks across code as it's created, automating application security as an integral part of the developer workflow. otto-js' 3rd-party Client-Side AppSec testing and monitoring works alongside GitHub security products, like Dependabot, for software composition analysis (SCA) to provide comprehensive application security testing, visibility, protection, and control over supply chain vulnerabilities and attacks.
"GitHub has a relentless focus on the developer experience. We understand that developers want to stay focused on writing code, and not switching from tool to tool. Integrating actionable security notifications from GitHub Advanced Security and the growing partners in our marketplace helps to reduce the time to remediate security issues by keeping developers in flow."
With the vision of supporting teams that are severely short-staffed in cybersecurity, Chad Fowler, former CTO of Wunderlist and Chief Product Officer at otto-js, led the development of otto's user interface "ottoBox" and functional design to embody an "Inbox Zero" methodology.
"The problem with most cybersecurity and threat detection tools is they require a lot of security expertise to understand, let alone manage. Even security experts spend hours in conventional tools trying to review and classify thousands of requests to figure out which represent risks. It seemed like the industry needed something intuitive and automated, so you don't need all the charts and analytics. Instead, you have a very practical solution for teams needing to move quickly and get back to their core jobs," said Fowler.
otto-js loads with the code in the client-side browser at runtime, where it continuously monitors the third-party supply chain for vulnerabilities and risky script behaviors, like reading credentials/PII data and sending customer data to external servers. The company also provides mitigation for client-side attacks like Magecart and malware.
As the deadline for new PCI DSS V4 compliance approaches and GDPR security standards accelerate, otto-js is a significant and timely addition to the GitHub Marketplace. With cyber threats and privacy concerns growing across all industries, leveraging developer platforms like GitHub to enable developer-centric security solutions will be critical to the evolution of cybersecurity and cyber resilience.
Learn more and start a free trial at otto-js.com.