February was just a few months ago, yet it feels like a lifetime. It was a huge month for the team at BluBracket. We launched our company and product at RSA Conference, unveiled the work we’d been building on Code Security and shared the stage with amazing startups at the RSAC Innovation Sandbox.

As we all know, everything changed just a few weeks later. Luckily, we were set up for remote work, with at least half of our team working outside our Palo Alto office. But obviously, the pace, tone and substance of activities have changed. People are working odd hours right now. With kids at home, people are taking fewer calls during the workday and spending more time learning and consuming information at night. That’s why we are making extra efforts to keep our team connected. We begin every day with a virtual coffee hour to kick off the workday and make sure we connect in a social way before Zoom calls begin.

We’ve learned a lot about ourselves as a company and our role as educators in the cybersecurity community. The sudden shift to remote work has security teams scrambling to adjust. That’s why we’ve shifted to education around code security and how to secure remote developers.

Yes, some companies were more prepared than others, but CISOs in general are figuring out how to secure developers in this new environment. Unmonitored home workstations, for instance, create visibility and security issues that security teams should be on top of. Git-based systems equal code proliferation, with developers cloning the full repository on any machine they work with. Hackers are figuring out how to target unsecured machines or code that may have been unwittingly uploaded to GitHub or others with credentials and tokens.

We’re working on more materials that show CISOs and directors of application security how to secure Git and gain the visibility and governance they need around developers, which includes a Code Security Audit and Report on public Git repositories. The audit and report uncovers passwords, secrets in code and other credentials that are security risks.

We know companies don’t want to necessarily start large projects right now or even commit to a lot of long meetings, but this is a way we can help them during this time with very little time on their part. In addition, we’ve produced white papers and documents on “The Top 5 Security Threats from Code.” We want CISOs and other security professionals to understand the threat vector that's out there. It's not about our product but rather an assessment of risk. Companies need to realize that the new normal will reward those companies that seek to partner and help their customers. 

As a startup, our priority remains on building the first comprehensive solution for code security, so, of course, we’re focusing on our product. That hasn’t changed, even though we realize our team members may have distractions and other priorities right now. Being a security startup in this time is challenging, yet as the pandemic accelerates the pace of digital transformation for everyone, our mission to secure the software that powers the world remains even more critical.

Contributors: