Ever since Log4j highlighted the dangers of insecure open source components, securing the software supply chain has become a top priority, to the point where Amazon, Ericsson, Google, Intel, Microsoft and VMware joined forces at the Open Source Software Security Summit II to pledge $30 million toward maintaining these projects.
However, there is still a lot of work to be done to raise the standard of open source security, and Log4j stands as a testament to the damage that vulnerable Java-based components can wreak.
The solution Azul announced is designed to help enterprises identify and track code and check it against a curated database of common vulnerabilities and exposures (CVEs), so they can accurately identify Java vulnerabilities with minimal performance impact.
Taking inventory of the software supply chain
The announcement comes shortly after the Biden administration released the Executive Order on Improving the Nation’s Cybersecurity, which calls on enterprises working with the federal government to establish a Software Bill of Materials (SBOM) to ascertain whether certain components are vulnerable.
It also comes as software supply chain attacks continue to increase.
“Software supply chain attacks are rapidly increasing; Gartner says they’ll triple over the next few years. The proliferation of third-party code in software applications is driving much of this risk,” said senior director of product management, Erik Costlow.
“Vulnerabilities in Java libraries and components are a substantial vector of attack, as evidenced by Log4Shell, which the Department of Homeland Security called ‘one of the most serious software vulnerabilities of all time,’” Costlow said.
Scanning for vulnerabilities helps organizations to accurately assess their risk exposure so they can take action to mitigate it, or decrease reliance on compromisable software components.
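The inventory-and-match step the article describes (an SBOM of Java components checked against a CVE database), as an added example that is not Azul's product or code: a constructed CycloneDX-style SBOM fragment is matched against a constructed advisory record carrying a placeholder id, using a simplified Maven version ordering so that pre-release versions such as 2.0-beta9 compare correctly against the affected range.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment (sample input, not from Azul or the article).
SBOM_JSON = """{"bomFormat": "CycloneDX", "components": [
  {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
  {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.0-beta9"},
  {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1"},
  {"group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.0"}
]}"""

# Constructed advisory record with a placeholder id; its half-open affected range
# [introduced, fixed) models Log4Shell's (log4j-core 2.0-beta9 up to, not including, 2.15.0).
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-LOG4SHELL", "group": "org.apache.logging.log4j",
     "name": "log4j-core", "introduced": "2.0-beta9", "fixed": "2.15.0"},
]
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2}  # bare release ranks 3, above all of these

def version_key(version):
    """Simplified Maven ordering: numeric segments as ints, trailing zeros ignored,
    and a pre-release qualifier (alpha < beta < rc) sorts below the bare release."""
    nums, rank, qnum = [], 3, 0
    for token in re.split(r"[.\-]", version):
        if token.isdigit():
            nums.append(int(token))
            continue
        m = re.fullmatch(r"([A-Za-z]+)(\d*)", token)
        if m:  # qualifier such as "beta9" or "rc1"; unknown qualifiers rank as rc
            rank = QUALIFIER_RANK.get(m.group(1).lower(), 2)
            qnum = int(m.group(2) or 0)
    while nums and nums[-1] == 0:  # so 2.15.0 == 2.15
        nums.pop()
    return (tuple(nums), rank, qnum)

def is_affected(version, advisory):
    """True when introduced <= version < fixed under version_key ordering."""
    return version_key(advisory["introduced"]) <= version_key(version) < version_key(advisory["fixed"])

def find_vulnerable(sbom_json, advisories=ADVISORIES):
    """Return (group:name, version, advisory id) for each SBOM component in an affected range."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        for adv in advisories:
            if (comp.get("group"), comp.get("name")) != (adv["group"], adv["name"]):
                continue  # coordinates must match exactly before any version check
            if is_affected(comp["version"], adv):
                findings.append((f'{comp["group"]}:{comp["name"]}', comp["version"], adv["id"]))
    return findings
```

A real SBOM scanner would also normalise coordinates (purl, group relocations) and pull advisories from a feed rather than an inline list; the matching logic stays the same.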
Other vulnerability detection providers
Some of the key differences between Azul and these competitors are that its solution uses the Java Virtual Machine itself to run the software, which keeps the performance impact lower, and that it offers enhanced detection capabilities. “We believe we fill a critical gap in this market by focusing on ongoing detection point of use in production,” Costlow said.