npm Buys Lift Security and Node Security Platform

April 11, 2018

npm has bought ^Lift Security and its Node Security Platform. The acquisition advances npm’s initiatives to improve the security of open source software, and to develop products that help companies develop JavaScript securely.

Since its founding, npm, Inc. has relied upon ^Lift Security to assess the security of the npm Registry, analyze the software developers publish to the registry, and identify and catalog security vulnerabilities in open source code. The ^Lift team also has curated and maintained the public Node Security Platform database, which furnishes valuable data about JavaScript vulnerabilities to other developers and security vendors at no cost. ^Lift customers include Netflix, Mozilla, Morningstar, Intuit and Redfin.

Today, there are more than 9.7 million JavaScript developers and 4.2 billion end-users who rely on JavaScript applications. A recent survey conducted by npm in collaboration with the Node.js Foundation and JS Foundation reveals that 77 percent of developers are concerned about the security of open source code—although a larger number believe it is more secure than the code they develop themselves.

“npm is where the Node Security Platform belongs,” said Adam Baldwin, founder of ^Lift Security, who joins npm, Inc. as its Head of Security. “All NSP users are npm users, and the security of open source code is core to npm’s mission. By combining our resources, we can deliver a continuous approach to security at scale, empowering millions of developers to build more secure code—and be prepared to defend against and respond to threats as they encounter them.”

“^Lift’s expertise and the wealth of knowledge embodied in the Node Security Platform are unparalleled and impossible to imitate,” said Isaac Z. Schlueter, founder and chief executive of npm, Inc. “As one team, we’ll continue keeping the npm Registry safe, and develop new ways to help individuals and companies understand and trust the JavaScript code they write and share. Uniting NSP and npm is the single best way to make JavaScript safer for consumers, publishers and enterprises.”

The ^Lift acquisition is the first in a series of strategic security initiatives npm plans to announce in the coming weeks.

Later this month, npm will introduce a series of new security features available to every user of the npm Registry, directly integrated into npmjs.com and the npm command-line software tool. The company also will introduce a suite of security products tailored to the unique requirements of corporate software developers and enterprises in areas that include auditing, insights and analysis, security policy and software licensing.

“Security is the responsibility of every part of an organization, so it needs to be intermixed with engineering, operations and application deployment,” Schlueter said. “npm is, and will remain, at the center of these workflows. As companies increasingly rely on open source software and integrating this with proprietary code, we are uniquely positioned to help.”
