Comprehensive Application Security Requires Open Source Vulnerability Detection

Feb 26, 2019
Kenna Security

Modern application security programs have unique requirements based on the complexity of the applications themselves. Apps are composed of multiple components, including runtime libraries, third-party libraries, and custom code. Open source software is an increasingly popular component among developers, because it helps development teams build robust custom apps without having to write every line of code themselves. It also enables them to collaborate with other teams that have the specific expertise they need to maximize the value of their application.

In fact, open source has become so popular that, according to research conducted by open source governance firm Sonatype, 80 to 90 percent of every modern application is composed of open source components, and the average enterprise employs more than 150,000 open source libraries. And, as you might suspect, that rising popularity brings an increase in the number of threats these components pose, due to vulnerabilities in their code.

Sonatype’s research also found that 51 percent of JavaScript packages downloaded had a known vulnerability, and additional reports indicate that 12.1 percent of all Java packages had a known vulnerability in 2017. Yet despite the growing number of open source vulnerabilities, most organizations still can’t adequately address them, which leaves those organizations exposed to a wide range of threats at the application layer.

That’s why Kenna is pleased to announce a strategic partnership with Sonatype to enhance the open source vulnerability and policy detection capabilities of the Kenna Application Risk Module.

A modern application security program requires full context. That necessitates a wide range of application security tools that not only address the various stages of the application development process, but can also inspect the many kinds of components that make up the application.

Sonatype delivers a critical component of modern application security programs by enabling organizations to discover vulnerabilities in their open source components, while Kenna integrates, normalizes, and de-duplicates this essential application security data with data from a wide range of other application security sources. As a result, application security and development teams gain enhanced visibility that helps them better identify, prioritize, and remediate their critical application vulnerabilities.

Click here to see the full announcement.
