Bex AI - Secure by design through conversational security

Bex, our AI companion enables Secure by Design to be the default setting for developer work.

Finally, a secure by design plugin that meets you where you work; Jira.

Not a security expert? With Bex AI you don’t need to be. The Jira plugin will automatically assess your Jira Epic or Task and will give you recommended actions to take to improve the security of your software, by design.

Simply tag @BexAI in your Jira Epic or Task, to get real-time and natural interactions on how your product or service can be improved to consider wider security issues. Stick to what you are best at - developing - create products and applications which are secure by design and by default. Get your hands on this plugin today by heading over to Atlassian Marketplace.

Let’s take a step back, what is Secure by Design?

Secure by Design (SbD) is a principle in software engineering which focuses on baking security in the design phase instead of doing it later on the software development lifecycle (SDLC). Resulting in products which are secure from the start and more resilient to potential cyber attacks.

This principle is being adopted and even mandated by certain organizations such as CISA, which states ‘Every technology provider must take ownership at the executive level to ensure their products are secure by design’. In the UK, these principles are mandatory for government departments; ‘The foundations required for embedding cyber security practices in digital delivery and building resilient digital services.’

This approach is becoming more popular and widely used due to a need for increased cybersecurity to manage risk, anticipate and respond to vulnerabilities, while creating a secure and reliable product or service.

Added pressure on busy Developers

Development teams continue to be under pressure to develop secure code, however they have time restraints and are not security professionals.

Going back and forth to security teams not only slows down development, it adds frustration to developers, especially when the ratio of Development to Security is usually very high, with a small number of security people to a high quantity of developers. Adding in another layer of security with SbD, can feel like an impossible task.

A security tool for developers - Bex AI

The developers writing the code for these products and services are talented at what they do, but are not cybersecurity experts. With Bex AI, while they are at the inception of their code, application or idea, they can receive real-time feedback and security considerations with SbD principles. Resulting in an end product which is secure by design - even before it has gone through proactive security techniques such as threat modeling.

Even if the developer is good at security (e.g. a Security Champion), Bex can help with blindspots and other things that may not have been considered.

FAQs

What is the primary purpose of Bex AI?

keyboard_arrow_down

Bex AI helps you to build applications and services that are secure by design, because it embeds security guidance straight into the tool you use to collaborate on the design - Jira.

How does Bex AI help developers improve code security?

keyboard_arrow_down

By giving you insight into the risk associated with your Jira tasks, as well as recommending actions that you can take immediately to improve the security of your application.

Can Bex AI be used by developers with no security experience?

keyboard_arrow_down

Absolutely! Bex AI does not require any security experience, it gives you the security guidance you need in a way that is easy to understand and act on. And if you have questions, you can always just tag Bex AI in a comment to continue the conversation.

How does Bex AI provide real-time security feedback?

keyboard_arrow_down

Bex AI automatically analyzes the security risk of your Jira task, giving you an easy to understand risk rating. It also gives you a summary of the risk as well as suggested changes to the Jira task description that would clarify the security posture. Bex AI will also generate recommended actions to take to improve the security, along with the threat context and implementation details such as source code examples.

How do I integrate Bex AI with Jira?

keyboard_arrow_down

Simply install Bex AI from the Atlassian marketplace here.

Does Bex AI support Jira Cloud and Data Center?

keyboard_arrow_down

Bex AI is currently only available for Jira Cloud.

How do I trigger security assessments using Bex AI?

keyboard_arrow_down

These happen automatically when the Bex AI plugin is loaded for a Jira task for the first time. You can later regenerate the assessment at the click of a button.

What types of security risks does Bex AI detect?

keyboard_arrow_down

Virtually anything, depending on the context of the Jira task. If the task is about implementing a web form, you’ll get recommendations related to protecting forms. If it is about building a cloud service, it’ll give you recommendations about cloud controls. 

Can Bex AI be used to assess all types of Jira issues?

keyboard_arrow_down

Yes, Bex AI will work with any issue type including Epics, Tasks, and Stories.

Does Bex AI generate detailed security reports?

keyboard_arrow_down

No, Bex AI is focused on helping developers take action to improve security as early and as easily as possible. It is not a replacement for compliance or security reports.

How long does Bex AI take to respond to security queries?

keyboard_arrow_down

Generating the security rating takes just a few seconds. Creating the recommended actions can take a minute or two because behind the scenes we’re assessing potential attacks, rating them, identifying potential mitigations, rating them, then giving you the ones that matter.

What security frameworks does Bex AI follow?

keyboard_arrow_down

Bex AI does not formally follow any security frameworks, although it is very compatible with most threat modeling and Secure by Design activities.

How often are Bex AI’s security recommendations updated?

keyboard_arrow_down

Whenever you’ve asked for them to be updated. After some time you may want to generate a new set of recommended actions. This might be because some have been implemented, or because the context of the Jira tasks has changed.

Does Bex AI store sensitive project data?

keyboard_arrow_down

Bex AI only stores Jira information and the generated content for 30 details to ensure we’re delivering the best quality guidance. Your Jira data is sent to OpenAI and they store it for 30 days, but your data is not used to train any AI models.

Can Bex AI be customized for specific security requirements?

keyboard_arrow_down

No, our focus is on ease of use and simplicity. There is no configuration required, just install Bex AI and you’re ready to go.

What are the Secure by Design (SbD) principles in Bex AI?

keyboard_arrow_down

Secure by Design (SbD) is a principle in software engineering which focuses on baking security in the design phase instead of doing it later on the software development lifecycle (SDLC). Resulting in products which are secure from the start and more resilient to potential cyber attacks.

This principle is being adopted and even mandated by certain organizations such as CISA, which states ‘Every technology provider must take ownership at the executive level to ensure their products are secure by design’. In the UK, these principles are mandatory for government departments; ‘The foundations required for embedding cyber security practices in digital delivery and building resilient digital services.’

This approach is becoming more popular and widely used due to a need for increased cybersecurity to manage risk, anticipate and respond to vulnerabilities, while creating a secure and reliable product or service.

How does Bex AI handle complex security vulnerabilities?

keyboard_arrow_down

Bex AI is able to understand the entire context of the Jira task, and so can infer the best recommendations given the available context. Bex AI is not designed to replace traditional approaches to threat modeling, where you may need to model and visualize inter-connected systems at a high level. Complex vulnerabilities that arise as a result of different disparate systems working together can be identified by threat modeling. Having said that, if your Jira task such as an Epic describes this high level context (and isn’t for example a detailed task or user story), then Bex AI will also identify high-level threats and recommended actions.

Is Bex AI suitable for large development teams?

keyboard_arrow_down

Yes! Bex AI can work for individuals as well as large development departments, because it is centered around the Jira tasks.

Can Bex AI integrate with other developer tools besides Jira?

keyboard_arrow_down

Not at the moment.

What kind of support is available for troubleshooting Bex AI?

keyboard_arrow_down

If you need help with Bex AI, check out our website. If you’re still having issues, you can contact our support team here.

What is the Service Level Agreement for Bex AI?

keyboard_arrow_down

Support for Bex AI is available during usual business hours, Monday to Friday from 9am to 5pm CET. We aim to fix major issues within 48 hours. If you need help contact us via the Contact Us form.