Debricked and KRY – Simplifying Open Source Security
When KRY launched their digital healthcare service in 2015, the Swedish system was somewhat revolutionized. Having to wait weeks for a doctors appointment was no longer an issue, as you could now speak with a healthcare provider on a video call almost on demand.
When KRY became a customer at Debricked, we were very happy and proud to be able to help them secure the open source that they use in their service. We asked Carlos, Security Engineer at KRY, to tell us a little about how they work with security in the company in general as well as the development team.
Hey there Carlos, how are you today?
I am good. Really happy that summer weather has reached Stockholm!
Most people probably already know what KRY does, but can you tell us a little in your own words?
KRY is a fast digital health provider that wants to change digital healthcare. It started with enabling digital meetings between patients and doctors and now also own physical clinics. We are not only in Sweden, also in Norway, Germany, UK and France. In other markets we are known as LIVI. We are growing really fast so I guess that soon we will be in new markets!
Can you tell us what your role as a Security Engineer entails?
As a Security Engineer I basically need to support the KRY organization with security matters. It can be a security check of a new vendor or partner, supporting developers with security implementations, making sure our environment is secured, running security testing in our products and much more. There are many things to be done, which means that I never get bored 🙂
Since KRY is a healthcare company and handles a lot of sensitive data, I guess that security is an important aspect. How do you work with security when developing the product?
You are right! Patient data is our top priority. We have implemented security measures to control critical parts and at the same time allow freedom to developers by trusting them. We try to create security awareness in the company by sharing security issues and solutions and being more transparent.
You have been using Debricked now for a little while, how do you use it in your daily workflow?
Our source code uses many open source libraries and since we are growing very fast, even more libraries are added. As you can imagine, it was difficult to keep track of the dependencies and make sure that they were secured in all our projects. With the help of Debricked, this process becomes much easier. Now the developers are the ones who check for vulnerabilities, as it is integrated with our git repository.
Lastly, do you have any exciting things coming up or anything else that you would like to share?
We have very exciting news since last week! Now we have physical clinics to give better services. KRY has acquired Helsa, which is a healthcare company with physical clinics in many parts of Sweden. So, now we will be able to give even better service both digitally and physically.
Are you interested in finding out easier and more effective ways to handle security in open source? Read more about our tool and what we do here.