Ever since Log4j highlighted the dangers of insecure open source components, securing the software supply chain has become a top priority, to the point where Amazon, Ericsson, Google, Intel, Microsoft and VMware joined forces at the Open Source Software Security Summit II to pledge to invest $30 million to help maintain these projects.

However, there is still lots of work to be done to improve the standard of open source security, and Log4j stands as a testament to the damage that vulnerable Java-based components can wreak.

That’s why today, security vendor Azul announced the release of Azul Vulnerability Detection, an agentless cloud solution designed for identifying and tracking Java vulnerabilities.

It’s a solution designed to help enterprises identify and track code and check it against a curated database of common vulnerabilities and exposures (CVEs) so they can accurately identify Java vulnerabilities with minimal performance impact. 


Taking inventory of the software supply chain 

The announcement comes shortly after the Biden administration released the Executive Order on Improving the Nation’s Cybersecurity, which calls on enterprises working with the federal government to establish a Software Bill of Materials (SBOM) to ascertain whether certain components are vulnerable. 

It also comes as software supply chain attacks continue to increase. 

“Software supply chain attacks are rapidly increasing; Gartner says they’ll triple over the next few years. The proliferation of third-party code in software applications is driving much of this risk,” said senior director of product management, Erik Costlow. 

“Vulnerabilities in Java libraries and components are a substantial vector of attack, as evidenced by Log4Shell, which the Department of Homeland Security called ‘one of the most serious software vulnerabilities of all time,’” Costlow said.

Scanning for vulnerabilities helps organizations to accurately assess their risk exposure so they can take action to mitigate it, or decrease reliance on compromisable software components. 

Other vulnerability detection providers 

Azul is competing against Oracle with Oracle Cloud Infrastructure (OCI) Vulnerability Scanning Service. Oracle also recently announced $11.8 billion in Q4 revenue.

Another competitor is Acunetix, which also offers a Java vulnerability scanner to detect and test web applications that run on JavaScript frameworks.

Some of the key differences between Azul and these competitors are that its solution uses a Java Virtual Machine to run the software with a lower performance impact, and that it offers enhanced detection capabilities. “We believe we fill a critical gap in this market by focusing on ongoing detection point of use in production,” Costlow said.
