Legit Security launched its new “Legit Posture Score,” delivering a dynamic, comprehensive, and fully transparent ASPM rating system.
Now security teams can proactively measure and manage their AppSec posture instantly with a holistic score that eliminates security scanning siloes and continuously assesses all associated risks, policies, and controls across today’s sprawling software development lifecycle (SDLC).
Security leaders today struggle simply to see, let alone act or improve on, their application security postures. They’re left with piles of security findings and unpatched vulnerabilities from disconnected application security testing (AST) tools, and no efficient way to prioritize or act on the issues that get surfaced.
According to a 2024 ESG Research survey, 42% of security professionals believe that measuring and improving AppSec program efficacy is their toughest challenge today. And with increasingly complex and distributed software factories, mounting supply chain regulations, and agile development teams who continue to prioritize code builds over security checks — the prospect of manually tracking an organization’s application security posture gets less feasible by the day.
Now with the new Legit Posture Score, no longer are AppSec teams stuck piecing together slices of visibility from disparate security scanners and veiled, proprietary scores. The Legit Posture Score sets a new, universal, and fully transparent application security scoring standard for security teams to measure, operationalize, and accelerate AppSec maturity throughout the SDLC.
It accounts for thousands of ASPM factors, consolidating broad CI/CD pipeline context from code to cloud, including asset criticality, security scanning findings, vulnerability severity, and more, all while dynamically mapping the mitigating controls and requirements from best-practice industry standards and regulatory frameworks into one holistic ASPM score.
The new Legit Posture Score empowers AppSec teams to rapidly, with the glance of an eye, identify posture gaps and trends, benchmark performance, and drive continuous improvement throughout their software development environments. With a holistic posture score accounting for a wide spectrum of cybersecurity, regulatory, and operational risks, AppSec teams now intuitively—and automatically—view, prioritize, and remediate the issues most impactful to the business, first.
Key features of the new Legit Posture Score:
- Real-time AppSec posture assessment from code to cloud: The new Legit Posture Score evaluates every aspect of an organization’s application security posture, from the development pipeline to the repository level. This top-down approach allows for detailed understanding of AppSec risks to answer the same critical question asked at every level of the organization: Is my software being developed securely?
- Transparent, explainable framework — no veiled or proprietary scoring: The scoring methodology for the Legit Posture Score is completely transparent. With detailed documentation and full visibility into how every variable and calculation is made, AppSec teams now set priorities and take action in confidence with a score they believe in and can make it their own.
- Dynamic, customizable model: Security teams can easily adjust the scoring model according to their specific security goals. They can associate new and existing controls to the intricate requirements of any number of industry standards and regulatory frameworks (e.g., FedRAMP, SOC 2 Type II, etc.), ensuring that the Legit Posture Score always remains in tight alignment with their strategic security goals and obligations.
- Intuitive, actionable insights: The Legit Posture Score is designed for all developers and security pros to quickly and intuitively glean insights, triage issues, and prioritize fixes with surgical precision throughout their SDLC. With modern dashboards and intuitive, drill-down navigation, AppSec leaders can seamlessly benchmark and compare posture performance by any number of predefined applications, asset groups, pipelines, or organizational segments.
- Broad inclusion of cross-industry best practices and standards: The Legit Posture Score incorporates application security best practices and requirements from the most important regulations and industry frameworks on the market today (including NIST SSDF, SLSA, OSSF S2C2F, ISO 27001, and more), setting a new vision for what a secure, efficient software factory looks like today.
Empowering organizations with security confidence
“The Legit Posture Score provides organizations with an objective, reliable, and easy-to-understand measurement of their security posture across the SDLC in real-time,” said Lior Barak, Chief Product and Engineering Officer at Legit Security. “By incorporating an incredibly broad set of ASPM parameters and best-practice frameworks into our scoring model, and cross-referencing all of it against our deep, unmatched SDLC visibility, the new Legit Posture Score empowers security teams not only to rapidly detect and prioritize critical issues, but also to establish a true DevSecOps culture while continuously driving improvement.”
This new feature further enhances the Legit ASPM platform, providing security and development teams with the ability to measure, compare, and improve their application security posture over time, ensuring their software factories and applications in development are being built with the highest security standards in mind.