SANTA CLARA, Calif.--(BUSINESS WIRE)--ShiftLeft, Inc., an innovator in automated application security testing, today announced 407% year over year revenue growth driven by increased customer demand for its cutting edge technologies which radically reduce application attackability by assessing the actual attack pathways and providing remediation steps for the most serious risks. Application security teams and developers using ShiftLeft are able to close more security gaps at a faster pace and spend more time focusing on the issues that matter the most thanks to the combination of lightning speed of analysis and the highest industry accuracy. During the year, the company enjoyed a 153% net customer retention rate driven by strong customer embrace of the product. In Gartner’s Peer Insights platform, ShiftLeft has received exclusively five-star ratings based on reviews from its users in the Application Security Testing market as of October 29, 2021.
ShiftLeft’s innovative Code Property Graph (CPG) combines unique representations of source code and makes them accessible via a high-performance graph database. This architecture supports a growing suite of novel product capabilities including extensible code analysis and precise data flow analysis. With a startup time of seconds for individual developers and application security teams alike, ShiftLeft drops directly into all major continuous integration tools without requiring any modification to existing code development workflows. In the past year, ShiftLeft added multiple new products delivered for production customers, including:
-
ShiftLeft CORE – A unified code security platform to support DevOps deployment cycles, that includes:
- ShiftLeft Next-Gen Static Application Security Testing: Leveraging industry’s first attackability analysis, ShiftLeft accurately identifies attackable vulnerabilities that customers should prioritize above all else.
- ShiftLeft Intelligence Software Composition Analysis – Precisely identifies the vulnerable dependencies that make an application attackable.
- ShiftLeft Educate – A highly-effective context-sensitive security training for developers within the developer workflow.
- ShiftLeft Illuminate – A tech-enabled service engagement where ShiftLeft experts identify insider attacks in the software development pipeline.
- ShiftLeft Ask an Expert – An offering that assists developers with triaging and fixing critical vulnerabilities.
“In Application Security, the first priority for customers is to identify how to prevent attackers from exploiting their applications. ShiftLeft is the first company to bring attackability analysis to application security, identifying vulnerabilities in applications as well as identifying a handful of libraries that actually make the application attackable without forcing developers to leave their workflow or change their tooling in ways that can impact their productivity,” said Manish Gupta, ShiftLeft’s Co-Founder & CEO. “As we continue to add new features at an accelerating pace and grow our market penetration across verticals, we are keeping our focus on our North Star — helping customers fix the highest number of vulnerabilities in the shortest time possible thereby minimizing -- even eliminating -- the attackability of their applications.”
Because ShiftLeft is so efficient, accurate, and easy to use, customers are using it more frequently and with better results, proving that modern application security testing can dramatically improve code security at scale and improve security posture. In the 2021 AppSec Shift Left Progress Report, customers using ShiftLeft reported that:
- 91.4% of new issues were fixed in 1 to 2 sprints (2-3 weeks) when ShiftLeft is automated in the CI/CD pipeline
- 92% reduction in SCA tickets by prioritizing open source vulnerabilities based on attackability of the vulnerable libraries
- 86% of fixes were for critical or well-known issue classes
- Median scan time of 2 minutes and 20 seconds
- With shorter scan times, 46% of all applications were scanned weekly and 17% scanned daily
During a milestone year of growth, ShiftLeft won public accolades and analyst acclaim. To bring transparency to application security and demonstrate the industry leading accuracy of its technology ShiftLeft allows any customer to test its OWASP Benchmark themselves. “This year, we have made it possible for any customer to publicly validate our claims by analyzing the benchmark standard from within our app. We are the only vendor who has taken such a public stance,” says Chetan Conikee, Chief Technology Officer at ShiftLeft. To date, based on data gathered from these tests, ShiftLeft has set an industry standard with a 75% accuracy rate, factoring in both false positives and false negatives. This is the highest rate of any automated application security testing technologies.
According to 2021 Gartner® Critical Capabilities for Application Security Testing report, “Long considered mature, the application security testing market has entered a period of rapid evolution and change. New vendors and capabilities are addressing evolving requirements and application architectures, and the increased pace of development.”
In 2021, the company launched its inaugural Shifting Left Conference 1.0 Conference and the follow up Shifting Left 2.0 Conference. The two events provided the developer and application security communities with newfound and invaluable insights into application security for developers, modern developer workflows, code analysis and software composition analysis. For 2022, ShiftLeft’s next event in January will provide attendees with educational deep-dives, anecdotal lessons, and peer networking opportunities. The conference unites security teams and developers by giving them new skills to find and quickly fix high-severity vulnerabilities, and, by extension, to build and release safer applications.
To support its accelerating innovation roadmap and customer growth, ShiftLeft added experienced executive talent including Kit Wetzler as VP of Worldwide Sales, Corinna Krueger as VP of Marketing and David Walker, Director of Alliances. Wetzler will expand the global sales and customer footprint. Krueger will grow marketing efforts into new channels and expand product marketing. A noted GTM and business development leader, Walker will work closely to expand current channel programs and grow the business with key business partners.
*Gartner, “Critical Capabilities for Application Security Testing”, Mark Horvath, Dale Gardner, Dionisio Zumerle, May 26, 2021.
Gartner Disclaimer:
GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.
