Trend Micro has launched a new Cloud One service that finds vulnerabilities, improves visibility, and provides tracking automation for open-source software.
The new service, a co-built SaaS solution with Snyk, is designed to provide continuous insight into open-source vulnerabilities, enable risk management, and drive data-driven decisions.
Open Source Security by Snyk is the latest Cloud One service and the first partner addition to the platform, which is available through the channel and AWS Marketplace.
This is the first service to provide visibility into open-source software vulnerabilities for security operation teams. The utilization of open-source code components is quickly expanding due to the speed, flexibility, extensibility, and quality they offer application development teams. According to Snyk, 80% of application code today is open-source.
Gartner notes in their Market Guide for Software Composition Analysis that open-source software is employed in nearly all organizations. It says this introduces risks from readily exploitable vulnerabilities and creates larger attack surfaces through which malware and malicious code can gain access, compromise proprietary code and infrastructure, and cause legal and intellectual property exposures.
According to Snyk, there has been a 2.5x growth in open-source vulnerabilities over the past three years, making it more critical than ever to deliver security further into the DevOps pipeline. But it says process gaps, mismatched toolsets, and communication challenges between SecOps and DevOps are commonplace.
This often means security practitioners can face an uphill battle and lack visibility into application build-time risks.
"Together, Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organizations safer," says Snyk global alliances CTO Geva Solomonovich.
"Snyks developer-first security technology to Trend Micro's Cloud One allows more customers to tackle open-source risk on a single platform, minimizing the need to manage multiple vendors and tools. we look forward to our continued collaboration with Trend Micro to foster more innovative, effective ways to solve key security concerns for our customers."
Most applications developed globally in the last 25 years have been built using open-source code. As the pressure to create and deliver new cloud-native applications continues to increase, organizations often lose sight of older applications, component inventories, and maintenance and update cycles, creating additional risk.
"With this one solution, we're able to solve several problems and use technology to bridge internal gaps," says Trend Micro's chief operating officer, Kevin Simzer.
"This offering can save over 650 hours of development time per application through increased automation, and help to manage risk and liability with license requirements, and it also gives security teams visibility into a part of our functional code base that has not been accessible; before."
The service also enables SecOps to identify vulnerabilities and issues associated with licensing. This will allow security teams to monitor, prioritize, and communicate risk and exposure rates within DevOps projects over time.
Some examples of this are
-
Data-driven security decisions
-
Continuous monitoring of threat levels
-
Effective prioritization of risks and remediation recommendations
-
Built-in automation can also help security teams quickly identify indirect open-source dependencies that both security and developer teams might not be aware exist in their applications.