Learn how Maze uses Coana's reachability analysis to prioritize vulnerabilities, reducing manual work and enhancing efficiency.
Industry: User Research
Location: Global remote
Number of engineers: 40
Programming languages: JavaScript/TypeScript
Maze is a continuous product discovery platform that supports over 60,000 teams in driving user-centric product research. The security and platform team at Maze encountered significant challenges in handling software vulnerabilities because of their extensive use of open source dependencies in their comprehensive TypeScript-based codebase. They were overwhelmed with vulnerabilities due to limitations in their current tools. This created an urgent requirement for an effective solution to manage and prioritize these vulnerabilities.
Atte Huhtakangas, Maze's Engineering Manager, highlights the challenges they encountered:
"Having a large number of repositories, including a large monorepo, made it difficult to prioritize which vulnerabilities to address first. We attempted to use a few traditional SCA tools to scan for vulnerabilities, but they produced too much noise."
Huhtakangas is referring to the noise caused by the high number of false alarms reported by traditional vulnerability scanners. In a typical application, it is estimated that between 80% and 95% of reported vulnerabilities are actually false alarms. Therefore, Maze faced the challenge of determining which alarms were irrelevant and could be deprioritized.
The turning point for Maze came with the adoption of Coana. Attracted by Coana’s reachability analysis, Maze found a powerful tool to distinguish exploitable vulnerabilities from those that are not a concern. This ability to prioritize vulnerabilities based on their actual impact on the software significantly streamlined Maze’s security processes.
With Coana, the security team at Maze experienced a transformation in its vulnerability management approach.
“Coana has been instrumental in identifying which vulnerabilities are reachable, allowing us to concentrate on those that truly matter. This has not only streamlined our security operations but also reduced the burden on our engineering teams, freeing them up to focus on delivering more value for the business,” shares Huhtakangas.
This has led to a significant reduction in manual tasks and a more efficient triaging process. With Coana, Maze is able to minimize manual intervention, thereby enhancing operational efficiency and meeting vulnerability response SLAs more effectively.
Huhtakangas strongly recommends Coana to similar organizations overwhelmed by vulnerabilities.
“Coana has proven its value in addressing vulnerabilities that truly matter, saving significant time and resources. It’s a game-changer for any team overwhelmed by the sheer volume of security alerts,” he concludes.
For organizations seeking to optimize their vulnerability management, Maze’s experience with Coana offers a compelling case study.
Maze is the leading continuous product discovery platform that product teams use to continuously collect and consume user insights across the entire product development cycle. With solutions for participant recruitment, product research, and reporting, Maze enables everyone to run great research, make better product decisions, and scale insights company-wide.
For more information on Maze, visit www.maze.co and follow @mazedesignhq.