Hi everyone! We’re Sten and Kevin, founders of Remy Security.
Remy helps security teams conduct security design reviews more quickly and effectively. Using LLMs to analyze the design documents, Remy generates targeted insights and questions to raise to the authors.
Security design reviews are essential during the software development cycle as they mitigate risks before they become problems down the line. It’s more expensive to address breaches than it is to look for potential weaknesses at design time.
It’s difficult and expensive to review designs. The types of threats that the reviewer must consider are endless, and it’s easy to miss key risk areas even for experts. Security team and engineering team members must meet in order to discuss the design’s context and the risks that need to be addressed. Such meetings are expensive, time-consuming, and often disorganized.
Security teams are understaffed. A headcount ratio of 1:60 between security and engineering staff is common. With such a skew, security teams often struggle to keep up with requests, forcing them to skip reviews or delay the development lifecycle.
Remy finds designs that the security team should be aware of and makes a first pass at reviewing them using LLMs. It hands off its assessment to members of the security team, who make the final judgements on what questions/comments need to be raised in the document.
Users can view a list of designs to review, view their risk levels, and prioritize the most important ones to work on.
For each document, Remy generates questions and feedback for you to send to the authors. Leveraging LLMs, Remy provides targeted insights into the specific risks of each design.