Snyk’s developer security platform provides developers and security professionals with the tools they need to build and operate modern applications securely. Snyk enables users to shift security left and to embrace a DevSecOps model. Modern application development teams understand that shifting left means bringing information to developers’ fingertips as early as possible in the development process to create efficient and secure applications and development processes.

We recently held a panel discussion with Peak’s Gary Myers, Free Agent’s Richard Grey, Trace’s Sorcha Lorimer, and our own Guillaume Montard to pose the question: “How do you bridge the gap between security and privacy teams?” If you weren’t able to join us, here’s a rundown of the key takeaways that came up during the chat. You can also find an archive of the discussion at the end of this post if you’d love to watch it in its entirety.

Security and privacy are inherently linked, yet decisions about each are often made in silos. It can be a challenge for teams of all sizes, with varied specialities, to connect the two domains. With that in mind, we’re pleased to announce our first live panel event: How do you bridge the gap between data security and privacy?

What can data security and privacy leaders expect from the year ahead? How will key trends shape the industry? Our team looks at three key trends that will impact security and privacy in 2022, and what leaders can do to get ahead of the curve.

Application Programming Interface (APIs), allow services to communicate with each other. Naturally, applications that are interconnected through many APIs, require thorough security testing, as each connection could potentially include software vulnerabilities. Since there are different methods to test these junctions, I want to briefly discuss the benefits and weaknesses of the most commonly used API testing methods in this article.

APIDays is a world series of conferences about—you guessed it—APIs. It made a lot of sense for us to attend it in past years, since we started Bearer as an API monitoring platform. As we pivoted to a data security product a year ago, we wondered if we still had something to contribute. That was until we learned that APIDays would host the Privacy Engineer Conference.

Tech companies building cloud-native applications face a set of unique and rising data protection challenges. At Bearer, we had the chance to speak with 100+ data security and privacy professionals including Chief Information Security Officers, Directors of Security Engineering, Application Security Engineers, Data Protection Officers, Privacy Engineers, and many more. Here are the top concerns that keep them up at night.

The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.

CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.

End of summer 2020: Bearer takes the decision to pivot. We have been building an API monitoring & debugging solution for engineering and DevOps teams. We have a stable product and dozens of users onboard. Even so, after months of iterations product adoption is still low and our positioning with all-in-one monitoring solutions is disadvantageous. Product-Market-Fit (PMF) is definitely not in the line of sight.