Virtualization Technology News and Information
Novel Code Scanner by Piiano Helps Enterprises Prevent Data Leaks Proactively

Piiano announced Piiano Flows, the industry's first privacy-centric static code analyzer. The company will offer free scans until the end of 2023.

High-profile data leaks, including Duolingo's PII leak in late August, underscore the critical importance of data protection for businesses on a global scale. Flows automatically and continuously analyzes source code throughout development processes and tracks when, where and how sensitive data are being used and stored. This enables security teams to shift data security left with a more proactive approach. Piiano's tool finds potential data leaks inside source code and ensures that sensitive information, such as Personally Identifiable Information (PII), credentials and financial information, is protected before faulty code reaches production.

"Security leaders want to focus more on data security during development, but don't have the right tools to do so at scale and see what's happening with data in their code. Data vulnerabilities are even harder to hunt down after faulty code reaches production, which is why our tool nips the problem at the source," says Gil Dabah, co-founder and CEO of Piiano.

Developers are expected to work at a rapid pace and under a great deal of stress. Compounded by a lack of security expertise and orientation, they are prone to making errors through little fault of their own that can expose data at the code level, such as forgetting to remove debugging logs or inadvertently exposing sensitive data through public or third-party APIs.

According to Justinian Fortenberry, CISO at Etsy and a board advisor to Piiano, "Piiano Flows is a very powerful and straightforward solution that, for the first time, enables enterprises to save time identifying potential data leaks during and after the application development process."

Dabah likens Flows to a "SAST-type tool for proactive DPSM." The company's proprietary NLP ML model and taint analysis algorithms, a more accurate approach than more commonly used Large Language Models (LLMs), map and highlight any code that touches sensitive data, including incoming, outgoing and stored data, to help find data privacy and security issues and blind spots that can happen at runtime.

Flows, available for free, is designed for quick and easy use with an intuitive interface for security teams. To eliminate third-party risk, it only requires access to the code itself without ever accessing production environments or production data stores containing sensitive customer data.

Published Wednesday, November 29, 2023 12:30 PM by David Marshall