ForAllSecure, the world’s most advanced application security testing company, today announced the debut of its runtime dynamic Software Bill of Materials (SBOM) solution for its Mayhem Security product to show organizations which components are present at runtime and further prioritize each in order of risk and speed remediation for open source and other third-party software vulnerabilities in code, saving organizations valuable remediation time and resources.
Mayhem now generates a runtime-aware SBOM of components on the application attack surface, and uses this intelligence to prioritize and filter results from Software Composition Analysis (SCA), Static Application Security Testing (SAST), and similar tools. This eliminates AppSec noise and overhead for developers, allowing them to focus on remediating real security issues.
Managing software supply chain risks is crucial in today’s security threat landscape. Open source software (OSS) saves developers time by accessing, modifying, and distributing prewritten source code. However, attackers can also target open-source software for supply chain attacks. Threats like Solar Winds and Keysa use lower-level vulnerabilities to pivot into large organizations. Latent, unpatched vulnerabilities are common within popular OSS and can have significant consequences in today’s software-dependent world.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that all software provide an inventory of open-source components and other code dependencies.
Following ForAllSecure’s release of estimated CVSS scores for each defect found to help prioritize remediation found during analysis, the new dynamic SBOM solution continues to validate and prioritize the importance of the results provided by Mayhem.
To see Mayhem’s dynamic SBOM in action, request a demo at https://www.mayhem.security/contact.
Like this:
Like Loading...
Related
This entry was posted on October 4, 2023 at 9:00 am and is filed under Commentary with tags ForAllSecure. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
ForAllSecure Announces First Dynamic Software Bill of Materials for Application Security
ForAllSecure, the world’s most advanced application security testing company, today announced the debut of its runtime dynamic Software Bill of Materials (SBOM) solution for its Mayhem Security product to show organizations which components are present at runtime and further prioritize each in order of risk and speed remediation for open source and other third-party software vulnerabilities in code, saving organizations valuable remediation time and resources.
Mayhem now generates a runtime-aware SBOM of components on the application attack surface, and uses this intelligence to prioritize and filter results from Software Composition Analysis (SCA), Static Application Security Testing (SAST), and similar tools. This eliminates AppSec noise and overhead for developers, allowing them to focus on remediating real security issues.
Managing software supply chain risks is crucial in today’s security threat landscape. Open source software (OSS) saves developers time by accessing, modifying, and distributing prewritten source code. However, attackers can also target open-source software for supply chain attacks. Threats like Solar Winds and Keysa use lower-level vulnerabilities to pivot into large organizations. Latent, unpatched vulnerabilities are common within popular OSS and can have significant consequences in today’s software-dependent world.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that all software provide an inventory of open-source components and other code dependencies.
Following ForAllSecure’s release of estimated CVSS scores for each defect found to help prioritize remediation found during analysis, the new dynamic SBOM solution continues to validate and prioritize the importance of the results provided by Mayhem.
To see Mayhem’s dynamic SBOM in action, request a demo at https://www.mayhem.security/contact.
Share this:
Like this:
Related
This entry was posted on October 4, 2023 at 9:00 am and is filed under Commentary with tags ForAllSecure. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.