Java platform Azul has announced an expanded range of support solutions with a new product to identify security vulnerabilities in Java applications, without affecting performance.
Azul Vulnerability Detection works by detecting known security issues in Java programs, eliminating the increasing risk of attacks on software supply chains in the enterprise.
According to research by Gartner, 45 per cent of businesses will have experienced an attack on their software supply chains, tripling the number for 2021.
Vulnerabilities often arise from the use of third-party code and software, such as SDKs and libraries. Azul estimates that 40 to 80 per cent of lines of code are sourced from third parties.
This poses an additional risk to businesses, as attackers work to identify and capitalise on security flaws in this commonly used code.
“Attackers will target commonly used open source to find vulnerabilities because they know their wide usage will leave many organisations open to attack,” said Enterprise Strategy Group senior analyst Melinda Marks.
Log4Shell is an example of such a critical flaw, found in Log4j, a widely used Java-based logging component. This vulnerability has been called “one of the most serious software vulnerabilities in history” by the Department of Homeland Security in the US.
“We’ve learned from past vulnerabilities like Log4Shell that the challenge is in rapidly finding the instances in use and quickly remediating them,” continued Marks.
“Azul Vulnerability Detection will be helpful for organisations to use to efficiently remediate Java vulnerabilities to protect their applications.”
When a user runs their code, Azul Vulnerability Detection identifies the code being run and compares it to a database of known Java-specific vulnerabilities, allowing it to accurately detect issues without generating false positives.
“Azul Vulnerability Detection makes security a byproduct of simply running your Java software,” said Azul CEO and co-founder Scott Sellers.
“Our new product fills a critical gap in enterprises’ security strategies — detecting vulnerabilities at point of use in production, the endpoint of the software supply chain.
“As a leading Java runtime provider to the world’s most important enterprises around the globe, Azul is uniquely positioned to augment the vulnerability detection market by eliminating the performance penalties and false positives that have plagued customers who rely solely on legacy tools.”