Azul releases new tool to detect open source Java vulnerabilities



Ever since the Log4Shell vulnerability in Log4j highlighted the dangers of insecure open source components, securing the software supply chain has become a top priority, to the point where organizations pledged to invest $30 million in helping maintain these projects at the Open Source Software Security Summit II. 

However, there is still a lot of work to be done to raise the standard of open source security, and Log4j stands as a testament to the damage that vulnerable Java-based components can wreak. 

That’s why today, security vendor Azul announced the release of Azul Vulnerability Detection, an agentless cloud solution designed to identify and track Java vulnerabilities. 

The solution helps enterprises inventory the Java components their applications actually use and check them against a curated database of Common Vulnerabilities and Exposures (CVEs), so that they can accurately identify vulnerable Java components with minimal performance impact. 


Taking inventory of the software supply chain 

The announcement follows the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028), which directs software vendors that sell to the federal government to provide a Software Bill of Materials (SBOM), an inventory of the components in a product, so that purchasers can ascertain whether any of those components are vulnerable. 

It also comes as software supply chain attacks continue to increase. 

“Software supply chain attacks are rapidly increasing; Gartner says they’ll triple over the next few years. The proliferation of third-party code in software applications is driving much of this risk,” said Erik Costlow, Azul’s senior director of product management. 

“Vulnerabilities in Java libraries and components are a substantial vector of attack, as evidenced by Log4Shell, which the Department of Homeland Security called ‘one of the most serious software vulnerabilities of all time,’” Costlow said. 

Scanning for vulnerabilities helps organizations accurately assess their risk exposure so they can take action to mitigate it, or reduce their reliance on components that could be compromised. 
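As an added illustration of the inventory-then-match step described above (the component inventory an SBOM provides, checked against a vulnerability database), the following script is example code written for this page, not Azul’s product code. It builds a few constructed sample JARs in memory, reads the Maven coordinates each one carries in META-INF/maven/…/pom.properties, and matches them against a small constructed vulnerability feed. The two feed entries for log4j-core use the real CVE-2021-44228 (fixed in 2.15.0) and CVE-2021-45046 (fixed in 2.16.0) ranges for the main 2.x line; the file names, the com.example artifact and the simplified version ordering are assumptions made for the example.

```python
import io
import re
import zipfile
from dataclasses import dataclass

# Constructed sample feed (NOT Azul's curated database). Affected range is
# [introduced, fixed). Only the main 2.x fix versions are listed; a real feed
# also carries the 2.12.x/2.3.x backport ranges, which are omitted here.
VULN_FEED = [
    # group, artifact, introduced (inclusive), fixed (exclusive), CVE
    ("org.apache.logging.log4j", "log4j-core", "2.0-beta9", "2.15.0", "CVE-2021-44228"),
    ("org.apache.logging.log4j", "log4j-core", "2.0-beta9", "2.16.0", "CVE-2021-45046"),
]

# Pre-release qualifiers sort before the release with the same numbers.
# Simplified relative to Maven's full ComparableVersion rules (assumption).
QUALIFIER_RANK = {"alpha": 1, "beta": 2, "milestone": 3, "rc": 4, "snapshot": 5}
UNKNOWN_QUALIFIER_RANK = 6
RELEASE_RANK = 10


def parse_version(v):
    """Turn a Maven-style version ("2.0-beta9", "2.14.1") into a comparable key.
    Trailing zeros are dropped so that 2.0 == 2.0.0; the numeric tuple is
    compared first, then the qualifier rank, then the qualifier number."""
    m = re.match(r"^(\d+(?:\.\d+)*)(?:[-.]([A-Za-z]+)(\d*))?$", v)
    if not m:
        raise ValueError(f"unsupported version syntax: {v}")
    nums = [int(x) for x in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    qual = (m.group(2) or "").lower()
    rank = RELEASE_RANK if not qual else QUALIFIER_RANK.get(qual, UNKNOWN_QUALIFIER_RANK)
    qnum = int(m.group(3)) if m.group(3) else 0
    return (tuple(nums), rank, qnum)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed under Maven-style ordering."""
    key = parse_version(version)
    return parse_version(introduced) <= key < parse_version(fixed)


@dataclass(frozen=True)
class Artifact:
    group: str
    artifact: str
    version: str
    source: str  # jar name and entry the coordinates were read from


def inventory_jar(name, data):
    """Extract Maven coordinates from the bytes of one JAR. Every
    META-INF/maven/<group>/<artifact>/pom.properties is read, so modules bundled
    into a shaded/fat JAR are found too. Falls back to the file name only when
    the JAR carries no coordinates at all (group is then unknown: "?")."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
                props = {}
                for line in zf.read(entry).decode("utf-8", "replace").splitlines():
                    line = line.strip()
                    if line and not line.startswith("#") and "=" in line:
                        k, val = line.split("=", 1)
                        props[k.strip()] = val.strip()
                if {"groupId", "artifactId", "version"}.issubset(props):
                    found.append(Artifact(props["groupId"], props["artifactId"],
                                          props["version"], f"{name}!{entry}"))
    if not found:
        m = re.match(r"^(.+?)-(\d[\w.\-]*?)\.jar$", name)
        if m:
            found.append(Artifact("?", m.group(1), m.group(2), name))
    return found


def match_feed(artifacts, feed=VULN_FEED):
    """Return (cve, artifact) pairs for every artifact inside an affected range."""
    hits = []
    for a in artifacts:
        for group, artifact, introduced, fixed, cve in feed:
            if a.artifact == artifact and a.group in (group, "?") \
                    and is_affected(a.version, introduced, fixed):
                hits.append((cve, a))
    return hits


def _jar(entries):
    """Constructed sample: build a JAR (zip) in memory from {path: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


def _pom_props(group, artifact, version):
    return f"#Generated by Maven\nversion={version}\ngroupId={group}\nartifactId={artifact}\n"


LOG4J = "org.apache.logging.log4j"
SAMPLE_JARS = {  # constructed inputs, not real build output
    "log4j-core-2.14.1.jar": _jar({f"META-INF/maven/{LOG4J}/log4j-core/pom.properties":
                                   _pom_props(LOG4J, "log4j-core", "2.14.1")}),
    "log4j-core-2.17.2.jar": _jar({f"META-INF/maven/{LOG4J}/log4j-core/pom.properties":
                                   _pom_props(LOG4J, "log4j-core", "2.17.2")}),
    # Shaded fat JAR: the file name says nothing, but the bundled pom.properties does.
    "app-all.jar": _jar({"META-INF/maven/com.example/app/pom.properties":
                         _pom_props("com.example", "app", "1.0.0"),
                         f"META-INF/maven/{LOG4J}/log4j-core/pom.properties":
                         _pom_props(LOG4J, "log4j-core", "2.15.0")}),
    # No coordinates and no version in the name: cannot be identified.
    "legacy-util.jar": _jar({"com/example/Util.class": b"\xca\xfe\xba\xbe"}),
}


def scan(jars=SAMPLE_JARS):
    """Inventory every JAR, match the feed, and report JARs that could not be identified."""
    artifacts, unidentified = [], []
    for name, data in jars.items():
        found = inventory_jar(name, data)
        if found:
            artifacts.extend(found)
        else:
            unidentified.append(name)
    return artifacts, match_feed(artifacts), unidentified


if __name__ == "__main__":
    arts, hits, unknown = scan()
    for cve, a in hits:
        print(f"{cve}: {a.group}:{a.artifact}:{a.version} ({a.source})")
    print("unidentified:", unknown)
```

Two things the example is built to show. The shaded app-all.jar hides log4j-core 2.15.0 from any file-name-based check, yet its bundled pom.properties still identifies it and the 2.16.0 fix line still flags it; and legacy-util.jar ends up in the unidentified list, which a practitioner should treat as a gap in the inventory rather than as a clean result. Matching artifacts on disk also says nothing about whether the vulnerable class is ever loaded, which is the difference between this kind of scan and detection at the point of use inside the JVM.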

Other vulnerability detection providers 

Azul competes with Oracle, whose Oracle Cloud Infrastructure (OCI) Vulnerability Scanning Service checks compute hosts and container images for known vulnerabilities. Oracle also recently reported $11.8 billion in Q4 revenue. 

Another competitor is Acunetix, which offers a web vulnerability scanner for Java web applications; it probes the running application from the outside (dynamic testing) rather than inventorying the libraries the application loads. 

The key differences Azul claims over these competitors are that its detection runs inside the Java Virtual Machine that executes the application, so it sees the components actually in use at a lower performance impact than external scanning, and that its detection is more accurate. “We believe we fill a critical gap in this market by focusing on ongoing detection at the point of use in production,” Costlow said. 

Originally appeared on: TheSpuzz
