Flexera, the company that’s reimagining how software is bought, sold, managed and secured, today announced that its world-renowned Flexera Software Vulnerability Database is now integrated into FlexNet Code Insight – the market-leading open source license and vulnerability detection platform. The integration gives software developers unparalleled insight into vulnerabilities that may lurk within their open source code, and the ability to remediate those vulnerabilities before shipping their products to customers.
“Finding open source security vulnerabilities in packages, all the way to deep dependencies, has always been a priority for Flexera,” said Jeff Luszcz, Vice President of Product Management at Flexera. “This integration gives developers access to the deepest and most trusted vulnerability database in the world to help them minimize vulnerability risk. Our customers can leverage the combined strength of FlexNet Code Insight, powered by the National Vulnerability Database (NVD) and the Flexera Software Vulnerability Database, to significantly reduce the risk window between identifying and remediating vulnerabilities – before exploitation leads to costly breaches.”
Better Vulnerability Data Helps Close the Risk Window
The use of open source components in software development is skyrocketing. A decade ago, developers were using less than 100 open source libraries per release. Today, some industries are using more than 3,000. As open source dependency increases, software suppliers need to help ensure a safer software supply chain by truly understanding the vulnerability risk and compliance requirements they’re inheriting from the open source code they use.
As many companies have discovered the hard way, there’s an unacceptable risk window that persists between the discovery of a software vulnerability and when the patch is successfully installed. According to Flexera’s Vulnerability Review 2017, 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of those vulnerabilities had patches available on the same day as disclosure. But, on average, it takes companies 186 days to completely install those patches1. This risk window gives hackers plenty of opportunity to exploit vulnerabilities, and perpetrate attacks with costly consequences to businesses.
Flexera Software Vulnerability Database powers its market-leading Software Vulnerability Management solutions. By integrating this powerful database with FlexNet Code Insight, Flexera gives developers unparalleled ability to protect themselves and their customers from the potentially devastating effects arising when open source vulnerabilities are exploited.
With today’s announcement, FlexNet Code Insight is narrowing the risk window – providing comprehensive intelligence on discovered vulnerabilities. Organizations can now protect their products – and their customers – faster by identifying vulnerabilities as soon as they’re made public. Armed with better information, sooner, they’re then in a much better position to assess, prioritize and patch vulnerabilities before they’re exploited. Additionally, FlexNet Code Insight is able to alert development and security teams when new vulnerabilities are discovered in already shipping software.
“After the Equifax breach, which was caused by an exploitation of the Apache Struts 2 open source component, the world now understands the dire risks that occur when software suppliers unknowingly ship vulnerable components in their products, endangering the software supply chain,” added Luszcz. “Flexera now offers the most powerful tools available to help suppliers avoid that liability.”