Virtualization Technology News and Information
oak9 Releases Tython, First Open-Source Security as Code Framework and SDK
Development teams leverage Infrastructure as Code (IaC) automation to make fast and frequent changes to their cloud native architectures. The only way for security teams to keep pace with rapidly evolving software development is to embrace automation and codify security.

Now, there's a framework that makes Security as Code (SaC) available to everyone.

oak9 has released Tython, the first and only open-source SaC framework and software development kit (SDK) with a bring-your-own-language model to eliminate the challenges of existing tools and scale cloud security. Tython allows security teams to build custom security reference architectures and design patterns as code.

oak9's security architecture team has been using Tython internally for years to codify industry reference architectures from organizations like Cloud Security Alliance, NIST, AWS, Azure, GCP, OWASP, and more. The team recognized the importance of opening this framework to the larger community.

"Almost every security architecture practice we speak with wants to build reference architectures, but they just don't have the time," said Aakash Shah, Chief Technology Officer and Co-Founder at oak9. "Tython gives the community a way to collaborate in building security best practices and the ability to easily implement the policies they need in whichever programming languages they choose, so they can effortlessly scale within their organization."

Tython revolutionizes how security and development teams operate and collaborate - it democratizes security for developers, enables development and security to operate autonomously, and creates shared responsibility around security.

Within minutes, users can clone the Tython repository from Github, and build and test their security blueprints. With the power of the oak9 platform, Tython not only identifies security design gaps, but also fixes them, regardless of the IaC language and cloud service provider (CSP) the developer chooses to use.

"Tython goes well beyond configuration management approaches of existing policy-as-code languages and helps security holistically assess the entire cloud architecture," continued Shah. "Security, compliance, and governance guardrails defined in Tython are enforced across the entire software development lifecycle - from design to post-deployment - automatically, giving developers real-time feedback for any change they make."

Published Friday, April 21, 2023 10:51 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2023>