Anchore: How Sabel Systems Reduced Vulnerability Review Time by 75% While Maintaining Zero Critical Vulnerabilities

Source URL: https://anchore.com/blog/how-sabel-systems-reduced-vulnerability-review-time-by-75-while-maintaining-zero-critical-vulnerabilities/
Source: Anchore

Feedly Summary: We’re excited to share a new case study highlighting how Sabel Systems transformed their security review process while scaling their Code Foundry platform to support Department of Defense (DoD) missions. Sabel Systems provides managed DevSecOps pipeline-as-a-service for DoD contractors developing mission-critical vehicle systems. With a lean team of 10 supporting over 100 developers across hundreds […]


Summary: The case study describes how Sabel Systems significantly improved the security review process for its Code Foundry platform, which serves Department of Defense (DoD) contractors, by automating vulnerability management. The result was a 75% reduction in review time while maintaining security standards.

Detailed Description:
The case study details how Sabel Systems, which provides managed DevSecOps pipeline-as-a-service for DoD contractors, overcame challenges in its security review process. Given the critical nature of security in DoD-related work, its original manual vulnerability review process could not keep pace with growing demand.

- **The Challenge:**
  - Manual vulnerability reviews took 1-2 weeks per build, creating a bottleneck in deployment.
  - The environment required adhering to strict security measures, specifically achieving Authority to Operate (ATO) in controlled unclassified environments (IL5).
  - The manual process limited Sabel Systems’ ability to deliver quickly and support a growing number of applications.

- **The Solution:**
  - Sabel Systems implemented Anchore Enterprise for automated vulnerability management.
  - Automated scanning is embedded into CI/CD pipelines, significantly cutting down review time to just 3 days.
  - Anchore Enterprise facilitates compliance with framework requirements (FedRAMP, NIST) without needing external connectivity.
  - Its API-first architecture allows for flexible deployment across different CI/CD tools.
  - It enhances audit transparency by providing real-time security dashboards, reducing reliance on outdated static reports.

- **Results Achieved:**
  - 75% faster vulnerability reviews enabled the same team to handle more applications.
  - Consistent maintenance of zero critical vulnerabilities across over 100 applications in IL5 environments.
  - Enhanced ATO processes due to proactive security feedback.
  - Replacing static compliance reporting with dynamic, real-time updates streamlines the audit process for government reviewers.

This case study emphasizes the effectiveness of automating security processes, particularly in high-stakes environments like federal defense contracting. The insights provided can be beneficial for professionals looking to improve their security operations, especially in regulated industries, by adopting automated tools and integrating them within their development pipelines.