Security News > 2023 > May > Tython: Open-source Security as Code framework and SDK
Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development.
Tython allows security teams to build custom security reference architectures and design patterns as code.
Oak9's security architecture team has used Tython internally for years to codify industry reference architectures from organizations like Cloud Security Alliance, NIST, AWS, Azure, GCP, OWASP, and more.
Tython revolutionizes how security and development teams operate and collaborate - it democratizes security for developers, enables development and security to work autonomously, and creates shared responsibility around security.
"With Tython, your team can define and enforce security standards in code, automatically detect and remediate design gaps, and ensure that your security guardrails are in place. Plus, Tython's bring-your-own-language approach lets everyone work in the programming language they know best. Tython gives you real-time feedback on code changes, so you can catch and address security issues before they become bigger problems," Aakash Shah, CTO of oak9, told Help Net Security.
"We'll continue to provide improved capabilities for security engineers to express complex security reference architectures easily. We'll also provide platforms that allow the community to contribute and collaborate on security best practices by defining them in Tython. We'll keep adding support for new languages beyond Typescript and Python as user feature requests come in," Shah concluded.
News URL
https://www.helpnetsecurity.com/2023/05/03/tython-open-source-security-as-code-framework-sdk/
Related news
- Enhancing national security: The four pillars of the National Framework for Action (source)
- Osmedeus: Open-source workflow engine for offensive security (source)
- Am I Isolated: Open-source container security benchmark (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Debunking myths about open-source security (source)
- AxoSyslog: Open-source scalable security data processor (source)
- Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks (source)
- Vanir: Open-source security patch validation for Android (source)