Ever since Log4j highlighted the dangers of insecure open source components, securing the software supply chain has become a top priority, to the point where Amazon, Ericsson, Google, Intel, Microsoft and VMware joined forces at the Open Source Software Security Summit II to pledge to invest $30 million to help maintain these projects.
However, there is still lots of work to be done to improve the standard of open source security, and Log4j stands as a testament to the damage that vulnerable Java-based components can cause.
That’s why today, security vendor Azul announced the release of Azul Vulnerability Detection, an agentless cloud solution designed for identifying and tracking Java vulnerabilities.
It’s a solution designed to help enterprises identify and track code and check it against a curated database of common vulnerabilities and exposures (CVEs) so they can accurately identify Java vulnerabilities with minimal performance impact.
Taking inventory of the software supply chain
The announcement comes shortly after the Biden administration released the Executive Order on Improving the Nation’s Cybersecurity, which calls on enterprises working with the federal government to establish a Software Bill of Materials (SBOM) to ascertain whether certain components are vulnerable.
It also comes as software supply chain attacks continue to increase.
“Software supply chain attacks are rapidly increasing; Gartner says they’ll triple over the next few years. The proliferation of third-party code in software applications is driving much of this risk,” said senior director of product management, Erik Costlow.
“Vulnerabilities in Java libraries and components are a substantial vector of attack, as evidenced by Log4Shell, which the Department of Homeland Security called ‘one of the most serious software vulnerabilities of all time,’” Costlow said.
Scanning for vulnerabilities helps organizations to accurately assess their risk exposure so they can take action to mitigate it, or decrease reliance on compromisable software components.
Other vulnerability detection providers
Azul is competing against Oracle and its Oracle Cloud Infrastructure (OCI) Vulnerability Scanning Service. Oracle also recently announced $11.8 billion in Q4 revenue.
Some of the key differences between Azul and these competitors are that its solution uses a Java Virtual Machine to run the software with a lower performance impact, and that it offers enhanced detection capabilities. “We believe we fill a critical gap in this market by focusing on ongoing detection point of use in production,” Costlow said.