
Comprehensive Application Security Requires Open Source Vulnerability Detection

Modern application security programs have unique requirements that stem from the complexity of the applications themselves. Apps are composed of multiple components, including runtime libraries, third-party libraries, and custom code. In addition, an increasingly popular component among developers is open source software, because it helps development teams build robust custom apps without having to write every line of code themselves. It also enables them to collaborate with other teams that have the specific expertise they need to maximize the value of their application.

In fact, open source has become so popular that, according to research conducted by open source governance firm Sonatype, 80 to 90 percent of every modern application consists of open source components, and the average enterprise uses more than 150,000 open source libraries. And, as you might suspect, along with that rising popularity comes an increase in the number of threats those components pose, due to vulnerabilities in their code.

Sonatype’s research also found that 51 percent of JavaScript packages downloaded had a known vulnerability, and additional reports indicate that 12.1 percent of all Java packages had a known vulnerability in 2017. Yet despite the growing number of open source vulnerabilities, most organizations still can’t adequately address them, leaving them exposed to a wide range of threats at the application layer.

That’s why Kenna is pleased to announce a strategic partnership with Sonatype to enhance the open source vulnerability and policy detection capabilities of the Kenna Application Risk Module.

Full context is required for a modern application security program—and that necessitates a wide range of application security tools that not only address the various stages of the application development process, but also have the ability to inspect the wide range of components that comprise the application.

Sonatype delivers a critical component to modern application security programs by enabling organizations to discover vulnerabilities in their open source components while Kenna integrates, normalizes, and de-duplicates this essential application security data with data from a wide range of other application security sources. As a result, application security and development teams benefit from enhanced visibility to help them better identify, prioritize, and remediate their critical application vulnerabilities.

Click here to see the full announcement.