Application code security provider BackSlash has announced a new application security posture management (ASPM) platform to combine its existing application security (AppSec) capabilities with a few new ones.

The new platform will pack BackSlash’s existing AppSec solutions, including software component analysis (SCA), static application security testing (SAST), software bill of materials (SBOM), vulnerability exploitability exchange (VEX), and secrets detection, within a holistic ASPM offering aimed specifically at risk prioritization.

“Most AppSec professionals spend 50% or more of their time chasing vulnerabilities,” BackSlash said in a press release. “The sheer volume of vulnerabilities flagged across multiple costly and siloed tools overwhelms the typical AppSec team, and fixing the most critical security risks is increasingly challenging without the ability to prioritize.”

The ASPM platform is generally available at launch and is also available through the AWS Marketplace.

BackSlash fuses “reachability analysis” into existing stack

BackSlash recently announced a cloud-native AppSec solution aimed at identifying toxic code flows and automating threat models. The new ASPM is intended to provide an integrated, continuous view of an organization’s AppSec posture to help prioritize risks.

“Backslash is approaching application security from a risk-prioritization security posture standpoint to help security teams and developers work more efficiently,” said Melinda Marks, senior analyst at ESG. “This is a clever way to enable risk mitigation and application protection with a hacker point of view with what they are calling ‘reachability analysis.’”

BackSlash’s new reachability analysis will constitute the core offering of the ASPM platform by attempting to prioritize the most critical open source software vulnerabilities and code vulnerabilities by pinpointing risks that are actually reachable and exploitable. This, according to BackSlash, will drastically reduce alert noise and allow security teams to focus on genuine threats.

“The top challenge for security operations is the change velocity with the speed and volume of software releases, so having a more efficient way to manage remediation can help teams mitigate risk to prevent security incidents,” Marks added.

BackSlash promises contextual risk analysis

BackSlash’s new ASPM will inherit its existing toxic flow analysis capability that allows the product to identify, on average, one critical toxic flow for every 100 security alerts produced by the AppSec tools. This is done through risk-based vulnerability management (RBVM), wherein BackSlash prioritizes risks based on their exposure and business context.

“Context and efficiency are now key to help security teams scale with modern application development,” Marks said. “Organizations are moving to consolidation and platform approaches. So, instead of using separate siloed tools, they are looking for integrated platforms that can pull in data from multiple sources to give them the context needed to prioritize risk.”

The new ASPM will also feature a “remediation at the root” capability, which will allow it to target the right developer for each code fix, with evidence to reduce remediation and triage MTTR (mean time to recovery).