WhiteSource, an application security company, today announced a new security platform for open-source software and custom code remediation. The company also announced a new brand identity and name: Mend. It said the rebranding represents its commitment to eliminating the silos that currently exist between security and development teams.
DevOps adoption is increasing the attack surface
The application attack surface is evolving as software adoption grows. Attackers have discovered that, because networks are secure, applications are often the weakest link: most are not properly secured. As a result of the growing number of vulnerabilities left behind by outdated application security solutions, applications are becoming more appealing targets. One study found that 99.7% of applications have at least one vulnerability.
Added to this is the growing pressure on organizations to deliver software at a faster pace: they must safeguard applications while also shipping software more quickly. Another study claims that over half of organizations in the security industry have routinely released dangerous code.
According to Rami Sass, the company's cofounder and CEO, Mend eliminates the tradeoff between security and development delivery schedules by providing a solution that automates the reduction of the software attack surface while relieving most of the burden of application security.
Automated remediation for SAST
Mend claims it is the first company to automate software remediation for SAST, adding to Mend's existing ability to remediate SCA findings.
SAST is a popular application security tool that searches an application's source, binary, or byte code for vulnerabilities and fixes them. SCA is a security approach that allows development teams to quickly track and analyze any open-source component introduced into a project.
While SAST solutions investigate an application from the inside out and do not require a running system to scan, SCA acts like a gatekeeper, checking for unlocked gates and open windows that might give an intruder access. SCA examines source code, package managers, container images, and binary files and records the components it finds in a Bill of Materials (BOM).
SQL injection, server-side injection, and command injection are just a few of the weaknesses that can be exploited. While it is uncommon to find software security programs that include both SAST and SCA, research has found that programs combining the two are more thorough for the organizations that use them.
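To make the SAST half of this concrete, the following is an added example (not code from the original article or from Mend) showing the kind of finding a static scan reports and what the line-level fix looks like. It uses Python's built-in sqlite3 with a constructed in-memory table, places a SQL-injection-prone query beside its parameterized replacement, and includes a deliberately small pattern rule, `scan_function`, that flags source lines building SQL text from string formatting. The rule, the table contents, and the function names are all illustrative assumptions; a real SAST engine tracks data flow rather than matching regular expressions.

```python
import inspect
import re
import sqlite3
from typing import Callable, List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: untrusted input is spliced into the SQL text.

    A tautology such as  ' OR '1'='1  turns the WHERE clause into 'match everything'.
    """
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Remediated form: the driver binds the value, so the SQL text never changes."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Illustrative SAST-style rule (an assumption of this example, not a real engine):
# a line that both mentions a SQL statement and builds a string dynamically.
SQL_KEYWORD = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.I)
DYNAMIC_STRING = re.compile(r"""\bf["']|["']\s*(\+|%)\s|\.format\(""")


def scan_source(source: str) -> List[Tuple[int, str]]:
    """Return (line number, line) for each line that looks like dynamically built SQL."""
    return [
        (n, line.strip())
        for n, line in enumerate(source.splitlines(), 1)
        if SQL_KEYWORD.search(line) and DYNAMIC_STRING.search(line)
    ]


def scan_function(fn: Callable) -> List[Tuple[int, str]]:
    """Run the rule over a function's own source text."""
    return scan_source(inspect.getsource(fn))


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe returns", len(lookup_user_unsafe(db, payload)), "rows")
    print("safe   returns", len(lookup_user_safe(db, payload)), "rows")
    for n, line in scan_function(lookup_user_unsafe):
        print(f"finding at line {n}: {line}")
    print("findings in safe version:", scan_function(lookup_user_safe))
```

Run stand-alone, the script shows the unsafe query returning every row for the tautology input while the parameterized query returns none, and the rule flagging exactly one line in the vulnerable function and nothing in the fixed one. The fix is a one-line change on the flagged line, which is the granularity at which an automated remediation can propose a patch.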
Mend claims that its application security platform supports both open-source and custom code remediation, with exact patches for each line of code, enabling developers at any level to produce secure, quality code with little effort.
Previously, application security solutions could only provide training materials and examples to help developers identify each security problem they encountered. According to Synopsys research, this inadequate process forces developers to choose between security and meeting deadlines.
Mend, by contrast, claims that its platform provides automated remediation for SCA and SAST findings, delivered into the developer's repository so that it integrates easily into the development process. The company believes that the developer must ensure that everything is managed securely.
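The SCA side of the workflow described above (inventory the open-source components into a BOM, cross-reference them against advisories, and hand the developer an exact line-level fix in the repository) can be shown end to end with a small added example. This is illustrative code written for this article, not Mend's product or any real tool: the requirements manifest, the advisory table, and the `EXAMPLE-ADV-*` identifiers are all constructed, and the version comparison handles only numeric dotted versions.

```python
import difflib
import re
from typing import Dict, List, Tuple

# Constructed dependency manifest, as a developer might commit it.
REQUIREMENTS = """\
# pinned application dependencies
requests==2.25.0
PyYAML==5.3
click==8.1.3
"""

# Constructed advisory table (hypothetical identifiers, not real CVE records):
# package -> (advisory id, first fixed version). Pins below the fixed version are vulnerable.
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "requests": ("EXAMPLE-ADV-0001", "2.26.0"),
    "pyyaml": ("EXAMPLE-ADV-0002", "5.4"),
}

PIN = re.compile(r"^\s*([A-Za-z0-9_.-]+)==([0-9][0-9.]*)\s*$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric-only version compare, enough for the pins in this example."""
    return tuple(int(p) for p in v.split("."))


def parse_requirements(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, package name, pinned version) for each pinned line."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if m:
            found.append((n, m.group(1), m.group(2)))
    return found


def build_bom(text: str) -> List[dict]:
    """Simplified bill of materials: one component record per dependency found."""
    return [
        {"type": "library", "name": pkg, "version": ver, "manifest_line": n}
        for n, pkg, ver in parse_requirements(text)
    ]


def find_vulnerable(text: str) -> List[dict]:
    """Cross-reference the inventory with the advisory table."""
    findings = []
    for n, pkg, ver in parse_requirements(text):
        adv = ADVISORIES.get(pkg.lower())
        if adv and parse_version(ver) < parse_version(adv[1]):
            findings.append({"manifest_line": n, "package": pkg, "version": ver,
                             "advisory": adv[0], "fixed_in": adv[1]})
    return findings


def remediate(text: str) -> str:
    """Rewrite only the vulnerable pins, each on its own line, to the first fixed version."""
    lines = text.splitlines()
    for f in find_vulnerable(text):
        lines[f["manifest_line"] - 1] = f"{f['package']}=={f['fixed_in']}"
    return "\n".join(lines) + "\n"


def remediation_patch(text: str, path: str = "requirements.txt") -> str:
    """Unified diff of the fix: the form in which an automated remediation lands in a repository."""
    return "".join(difflib.unified_diff(
        text.splitlines(keepends=True),
        remediate(text).splitlines(keepends=True),
        fromfile=f"a/{path}", tofile=f"b/{path}",
    ))


if __name__ == "__main__":
    for component in build_bom(REQUIREMENTS):
        print("BOM:", component)
    for finding in find_vulnerable(REQUIREMENTS):
        print("finding:", finding)
    print(remediation_patch(REQUIREMENTS))
```

The patch touches only the two vulnerable lines and leaves the comment and the unaffected `click` pin alone, which is what a developer wants to see in a pull request: a change they can review in seconds. Running `remediate` a second time on its own output produces no further changes, a useful invariant for any tool that commits fixes automatically.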
Supply chain defender integration
Mend's Supply Chain Defender, previously known as WhiteSource Diffend, will be integrated with its existing JFrog Artifactory plugin, according to the announcement.
The supply chain includes hardware and software, as well as cloud and local storage and distribution mechanisms. Attacks on it are known as third-party attacks, and they are becoming more prevalent in cybersecurity.
CI/CD is a best practice that lets software development teams concentrate on meeting their business objectives while also ensuring code quality and security. As a result, the software supply chain has evolved into a popular target for hackers.
Since the SolarWinds breach, supply chain attacks have increased by 430%. Given that not every attack is reported or detected, the true number is likely higher. Malicious attackers have used flexible targets to make their efforts difficult to detect and more likely to reach desirable targets.
Customers are particularly susceptible to a combination of supply chain attacks, which can be used to perform any type of cyberattack, such as a data breach, in which private, sensitive, or protected information is copied, accessed, acquired, or distributed by an unauthorized person.
With the Mend platform plugin for the Artifactory registry, Mend says its Supply Chain Defender detects and blocks this malicious open-source software.
The company claims that all open-source and custom code results are shown in the custom or third-party code repository, giving a unified view inside the developer's native environment.
According to Josh Johnson, business development for solutions architecture at Defy Security, vulnerability detection and management have primarily focused on this information.
"We are very pleased to see Mend continue its dedication to solving code-based security concerns with automated remediation under this new brand," Johnson said. According to Johnson, Defy Security is excited to see Mend's automation capabilities for fixing security vulnerabilities be enhanced.