Meeting the Security and Compliance Demands of Fortune 50 Companies

Paul Spencer

Security Risk Advisors (SRA) is a highly specialized consulting firm working closely with large enterprises to develop sustained, strengthened security management processes to meet the strict security demands of CISOs, auditors, and boards of directors. SRA consultants do this using their proprietary (and free!) software product, Vectr.io, in conjunction with collaborative Purple Team security testing, to record security events and results and report that data to their clients. Prior to partnering with Slim.AI, the process for removing vulnerabilities was very manual and took up considerable resources and time. Now, the SRA team is able to ensure the containers used to build VECTR™ are free of threatening vulnerabilities, adding a deeper layer of security for their clients in less time.

Paul Spencer, Senior DevOps Engineer at SRA, built the DevOps team and all of its tools and processes from scratch over the past 3½ years. With heightened compliance requirements from clients, and a team burdened with highly manual and time-consuming processes for building and deploying VECTR™, Paul set out to find solutions for improving the infrastructure and developing a more mature version of the software development lifecycle. Seeking to deploy modern processes like containerization, slimming, SBOMs (software bills of materials), and vulnerability management without having to greatly expand his team, Paul found the ideal solution in Slim.

Paul met the Slim.AI team at an AWS Summit in New York City. “As a small shop with a small team, we need high impact tools that help us get to the solution without a lot of cumbersome setup,” said Paul. “Slim had a low barrier to entry for our team who had limited experience with Infrastructure-as-Code (IaC). The speed and ease with which we could integrate with the Slim platform made it a low risk, high reward tool for us.”

The experience of SRA’s development team tracks with the findings of the Slim.AI Public Container Report 2022, in which approximately 70% of developers surveyed said they were expected to deliver software with zero vulnerabilities, yet only about one quarter of those developers had the skills to slim or harden their containers for production use. With large enterprises tightening security and compliance requirements on every level, especially Fortune 50 companies like those working with SRA, the proven security of the software solutions being used is a top priority.

Implementing automation in the CI/CD pipeline was easy with Slim. It saved the SRA DevOps team from the implementation minutiae that were part of their previous process, and remediation time was significantly reduced. The CLI, which is the primary way to get containers in and out of the Slim platform, was very direct and clear for the developers. Slim continues to add functionality, specifically the vulnerability scanners Grype and Trivy, that is proving valuable as the SRA team focuses on the continuous improvement of their cybersecurity defenses.

“It’s easy to get started with containers,” said Paul. “It’s much harder to get mature with containers. Slim’s container optimization platform is the tool that paves the way to get there. Slim required very little investment on the front end to prove its value.”

Embarking on a New Journey

Farewell, Slim — Transitioning to a new and larger mission!

We're excited to share some big news from Slim.AI. We're taking a bold new direction, focusing all our energy on software supply chain security, now under our new name root.io. To meet this opportunity head-on, we’re building a solution focused on transparency, trust, and collaboration between software producers and consumers.

When we started Slim.AI, our goal was to help developers make secure containers. But as we dug deeper with our early adopters and key customers, we realized a bigger challenge exists within software supply chain security — namely, fostering collaboration and transparency between software producers and consumers. The positive feedback and strong demand we've seen from our early customers made it crystal clear: This is where we need to focus.

This new opportunity demands a company and brand that meet the moment. To that end, we’re momentarily stepping back into stealth mode, only to emerge with a vibrant new identity, and a groundbreaking product very soon at root.io. Over the next few months, we'll be laser-focused on working with design partners and building up the product, making sure we're right on the mark with what our customers need.

Stay informed and up-to-date with our latest developments at root.io. Discover the details about the end of life for Slim services, effective March 31, 2024, by clicking here.
