In a strategic move, Flexera has announced that its globally recognised Flexera Software Vulnerability Database is now integrated into FlexNet Code Insight. The integration gives software developers unparalleled insight into vulnerabilities that may lurk within their open source code, and the ability to remediate those vulnerabilities before shipping their products to customers.
“This integration gives developers access to the deepest and most trusted vulnerability database in the world to help them minimise vulnerability risk. Our customers can leverage the combined strength of FlexNet Code Insight, powered by the National Vulnerability Database (NVD) and the Flexera Software Vulnerability Database, to significantly reduce the risk window between identifying and remediating vulnerabilities – before exploitation leads to costly breaches,” shared Jeff Luszcz, vice president of Product Management at Flexera.
The use of open source components in software development is crucial. Dependency on open source has increased: from 100 open source libraries per release, developers today are using more than 3,000. Software suppliers need to ensure a safer software supply chain by truly understanding the vulnerability risk and compliance requirements they’re inheriting from the open source code they use.
According to Flexera’s Vulnerability Review 2017 report, 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of those vulnerabilities had patches available on the same day as disclosure. But, on average, it takes companies 186 days to completely install those patches. This risk window gives hackers plenty of opportunity to exploit vulnerabilities, and perpetrate attacks with costly consequences to businesses.
With today’s announcement, FlexNet Code Insight is narrowing the risk window – providing comprehensive intelligence on discovered vulnerabilities.