The overwhelming number of vulnerabilities reported each year — nearly 30,000 new CVEs were published in 2023 alone — has put a significant burden on application security and engineering teams. Traditional vulnerability management prioritization inputs, tools, and workflows often struggle to keep pace with the volume and increasingly complex nature of these threats.

At FOSSA, we’re committed to helping security teams do vulnerability management more effectively and efficiently. That’s why our product supports EPSS scores, VEX, and multiple other prioritization filters. It’s also why we’re so excited to share that we’re joining the Secure Developer Alliance (SDA).

The SDA is a groundbreaking collaboration led by observability leader New Relic; it also includes Gigamon, Lacework, Aviatrix, and Opus. It will provide a number of resources to help organizations in New Relic’s customer base and beyond handle vulnerability management more efficiently. 

“We’re very proud to have founding partners that are leaders in the security industry as part of our Secure Developer Alliance,” said New Relic Chief Product Officer Manav Khurana. “With their participation, our aim is to improve the overall security experience for our customers by delivering unparalleled observable security experiences that speed application release velocity, reduce risk, and significantly improve the productivity of developers.”

“We are so excited to welcome FOSSA as a founding partner in the Secure Developer Alliance. Their expertise in open-source management complements our commitment to ensuring that developers can build securely in the cloud without sacrificing velocity,” shared New Relic Director of Product Krystle Portocarrero. “This partnership is not just about integrating technologies, it’s about forging a new path to provide an intuitive secure development journey. Together we’ll offer a seamless, integrated experience that empowers developers to innovate in the cloud and confidently leverage the full spectrum of open-source software to accelerate their projects while maintaining a strong security posture.”

Several of the SDA’s first projects will be focused on education. Together, SDA members will produce courses and training materials covering areas like: 

  • Best practices for implementing and managing observable DevSecOps processes and compliance
  • Guidance on using technologies and tools conducive to the adoption of observable DevSecOps
  • Requirements, benefits, and approaches to DevSecOps for application security

Additionally, we expect to share more information in the months to come about technology integrations that will help New Relic customers and SDA participants efficiently prioritize and remediate vulnerabilities. This will include using FOSSA and New Relic to tie build-time and run-time insights together.

We look forward to working with our SDA partners to progress toward our joint vision of making developer-centric security more attainable. 

For more information on the Secure Developer Alliance, please visit New Relic’s website. Or, to learn more about getting started with FOSSA, please reach out to our team.