Trend Micro has launched a new Cloud One service that finds vulnerabilities, improves visibility, and provides tracking automation for open source software.
The new service, a co-built SaaS solution with Snyk, is designed to provide continuous insight into open source vulnerabilities, enable risk management, and drive data-driven decisions.
Open Source Security by Snyk is the latest Cloud One service and the first partner addition to the platform, which is available through the channel as well as AWS Marketplace.
This is the first service to provide visibility into open source software vulnerabilities for security operation teams. The use of open source code components is quickly expanding due to the speed, flexibility, extensibility, and quality they can offer application development teams. According to Snyk, 80% of application code today is open source.
Gartner notes in its Market Guide for Software Composition Analysis that open source software is used in nearly all organisations. It says this introduces risks from readily exploitable vulnerabilities, creates larger attack surfaces through which malware and malicious code can gain access and compromise proprietary code and infrastructure, and also causes legal and intellectual property exposures.
According to Snyk, there has been a 2.5x growth in open source vulnerabilities over the past three years, making it more important than ever to deliver security further into the DevOps pipeline. But it says process gaps, mismatched toolsets, and communication challenges between SecOps and DevOps are commonplace.
This often means security practitioners can face an uphill battle and lack visibility into application build-time risks.
"Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organisations safer," says Snyk global alliances CTO, Geva Solomonovich.
"Snyk's developer-first security technology to Trend Micro's Cloud One allows more customers to tackle open source risk on a single platform, minimising the need to manage multiple vendors and tools. We look forward to our continued collaboration with Trend Micro to foster more innovative, effective ways to solve key security concerns for our customers."
Most applications developed globally in the last 25 years have been built using open source code. As the pressure to build and deliver new cloud-native applications continues to increase, organisations often lose sight of older applications, their component inventories, and maintenance and update cycles, creating further risk.
"With this one solution, we're able to solve several problems and use technology to bridge internal gaps," says Trend Micro chief operating officer, Kevin Simzer.
"This offering can save over 650 hours of development time per application through increased automation, and help to manage risk and liability with licence requirements. It also gives security teams visibility into a part of our functional code base that has not been accessible before."
The service also enables SecOps to identify vulnerabilities and issues related to licensing. This can enable security teams to monitor, prioritise, and communicate risk and exposure rates within DevOps projects over time.
Some examples of this are:
- Data-driven security decisions
- Continuous monitoring of threat levels
- Effective prioritisation of risks and remediation recommendations
Built-in automation can also help security teams quickly identify indirect open source dependencies that neither security nor developer teams may be aware exist in their applications.