Oracle announced new capabilities to help customers accelerate the development of applications and deployment on Oracle Cloud Infrastructure (OCI).
Endor Labs Announces Upgrade Impact Analysis and Endor Magic Patches
August 07, 2024
Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches.
AppSec teams now get intel about how difficult a given upgrade can be, including what could break. This makes it easy to have conversations with Engineering about scoping security fixes and setting service-level agreements (SLAs). And when the evidence indicates the cost of upgrading will be too high, such as in the case of a foundational package that could take months or years to upgrade, teams can choose to immediately mitigate the vulnerability with a backported security patch maintained by Endor Labs.
Marcelo Oliveira, VP of Product Management at Endor Labs, said: “One of the best characteristics of OSS is the degree of constant improvement—there’s a regular flow of upgrades to just about every package. However, the merits can often be outweighed by the dangers. With these new capabilities, teams can clear this hurdle by sharply reducing the work required to understand the impact of dependency upgrades, and stay safe when the risk of upgrades is too high. It’s always been our mission to make security less of a burden on software engineers, and with this launch we continue to help security teams become better partners.”
Endor Labs uses program analysis at the time of build to see exactly which third-party dependencies are used and how they interact with the application code. A deep understanding of the application is what makes it possible to get an accurate software inventory, eliminate noise based on reachability, and accurately predict breaking changes.
Upgrade Impact Analysis: By extending the program analysis engine to identify unintended consequences such as breaking changes to an application, AppSec teams can manage risk in the context of difficulty. Because they understand how various fix options will impact the application, they can:
- Improve Return on Investment of Remediation Efforts: Identify which upgrades can have the highest security impact in conjunction with the effort it takes
- Give Time Back to Developers: Reduce the need for manual research by providing developers with a prioritized list of upgrades ranked by complexity and impact
- Address Risks Faster: Make informed estimations of fix efforts with standardized research so they can quickly implement low effort/low risk fixes and make prioritization decisions for complex fixes.
Endor Magic Patches eliminate the hassle of hard-to-perform upgrades by providing security patches that are backported to the vulnerable version. The source code, patches, test, build and deploy steps are available to inspect, and the builds are completely reproducible and hermetic. AppSec teams can:
- Respond to Emerging Threats: Be ready for the next Spring4Shell with peace of mind that they can obtain a patch to ensure the organization stays safe while the team works to upgrade dependencies
- Balance Developer Workloads: Reduce the urgency of upgrading so developers can focus on releasing their planned features without unexpected delays
- Support FedRAMP Compliance: Mitigate vulnerability risk to protect sensitive information in alignment with government requirements.
Industry News
September 10, 2024
JFrog and GitHub unveiled new integrations.
September 10, 2024
Opsera announced its latest platform capabilities for Salesforce DevOps.
September 09, 2024
Progress announced it has entered into a definitive agreement to acquire ShareFile, a business unit of Cloud Software Group, providing SaaS-native, AI-powered, document-centric collaboration, focusing on industry segments including business and professional services, financial services, healthcare and construction.
September 05, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux (RHEL) AI across the hybrid cloud.
September 05, 2024
Jitterbit announced its unified AI-infused, low-code Harmony platform.
September 05, 2024
Akuity announced the launch of KubeVision, a feature within the Akuity Platform.
September 05, 2024
Couchbase announced Capella Free Tier, a free developer environment designed to empower developers to evaluate and explore products and test new features without time constraints.
September 04, 2024
Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company, announced the general availability of AWS Parallel Computing Service, a new managed service that helps customers easily set up and manage high performance computing (HPC) clusters so they can run scientific and engineering workloads at virtually any scale on AWS.
September 04, 2024
Dell Technologies and Red Hat are bringing Red Hat Enterprise Linux AI (RHEL AI), a foundation model platform built on an AI-optimized operating system that enables users to more seamlessly develop, test and deploy artificial intelligence (AI) and generative AI (gen AI) models, to Dell PowerEdge servers.
September 04, 2024
Couchbase announced that Couchbase Mobile is generally available with vector search, which makes it possible for customers to offer similarity and hybrid search in their applications on mobile and at the edge.
September 04, 2024
Seekr announced the launch of SeekrFlow as a complete end-to-end AI platform for training, validating, deploying, and scaling trusted enterprise AI applications through an intuitive and simple to use web user interface (UI).
September 03, 2024
Check Point® Software Technologies Ltd. unveiled its innovative Portal designed for both managed security service providers (MSSPs) and distributors.
September 03, 2024
Couchbase officially launched Capella™ Columnar on AWS, which helps organizations streamline the development of adaptive applications by enabling real-time data analysis alongside operational workloads within a single database platform.
