Azul Launches SaaS to Combat Java App Vulnerabilities
Azul, a leading provider of Java runtime solutions, has launched Azul Vulnerability Detection, a new SaaS product aimed at continuously identifying known security vulnerabilities in Java applications. This announcement comes amidst a growing concern over software supply chain attacks, with Gartner predicting a significant increase by 2025.
Software supply chain attacks have been on the rise, with major global companies like SolarWinds, Kaseya, and Codecov falling victim since 2021. Gartner forecasts that by 2025, 45% of organisations worldwide will have experienced such attacks, a three-fold increase from 2021. The primary risk lies in the extensive use of third-party code, with estimates suggesting that 40% to 80% of the lines of code in software come from external sources.
Azul's new product, Azul Vulnerability Detection, addresses this challenge by focusing on vulnerable code that is actually used in Java applications. It works seamlessly with any Azul JVM, including free Azul Zulu Builds of OpenJDK, and is compatible with all Java applications, libraries, and frameworks. The product uniquely identifies code run and maps it against a curated Java-specific database of common vulnerabilities and exposures (CVEs).
The agentless cloud service helps organisations understand their Java application exposure to known vulnerabilities based on real usage in production, QA, and development environments. Users can access detailed data about vulnerable components via the product's API or an intuitive UI. Additionally, Azul Vulnerability Detection retains a history of component and code use for focused forensics, making it an ideal tool for in-production use. It eliminates false positives and has no performance impact, ensuring it won't disrupt ongoing operations.
With the increasing threat of software supply chain attacks, Azul's new product, Azul Vulnerability Detection, offers a proactive solution for organisations to continuously monitor and mitigate known security vulnerabilities in their Java applications. By focusing on real usage and eliminating false positives, it provides a comprehensive and efficient approach to software supply chain security.
