- 99% of the codebases audited included open source code components
- 75% of codebases contained vulnerabilities
- 49% of codebases contained high-risk vulnerabilities
- 82% of codebases had components more than 4 years out of date
The results of this study are troubling because applications that use open source code, 3rd party code and legacy code are known to contain higher levels of vulnerabilities as indicated by this study.
Organizations may feel pressured to use open source codebases, as the COVID-19 pandemic has forced many workers to work from home, requiring updates to many applications. The pressure to release code as soon as possible has never been greater. With more open source code found in applications, it’s more important than ever to protect applications that are running in production.
K2 Cyber Security can help cyber security teams by providing runtime application security with the least false positives using deterministic security that detects new zero day threats. K2 protects applications with vulnerabilities and provides alerts based on severity and includes actionable alerts that provide complete visibility to the attacks and the vulnerabilities that the attacks are targeting including the location of the vulnerability within the application, providing details like file name and line of code where the vulnerability exists to help reduce the time to remediation.
K2 Cyber Security Platform offers two use cases, for additional visibility during pre-production (development) penetration testing, while the other is runtime protection for applications in production. In the second use case, K2 offers an ideal runtime protection security solution that detects true zero-day attacks, while at the same time generates the least false positives and alerts. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has minimal false alerts.
Change how you protect your applications, and check out K2’s application workload security solution.