The sharp rise in reported open source vulnerabilities in recent years presents software development and security teams with new challenges.
Teams can no longer fix every vulnerability and still stay on schedule, so prioritization is quickly becoming a necessity: limited remediation resources have to go to the most critical issues first.
Effective Usage Analysis technology helps teams to do just that – prioritize.
It analyzes open source components with known vulnerabilities to assess their actual security impact on your software. A vulnerability is classified as effective when your proprietary code calls the vulnerable method, directly or through a chain of calls; prioritization is based on that distinction rather than on the mere presence of the vulnerable library.
Our research shows only 15% to 30% of vulnerabilities are indeed effective, so your team can easily focus on remediating the vulnerabilities that matter the most.
A vulnerability's effectiveness level is displayed with shield icons.
The summary pane displays the number of libraries analyzed, their severity, and how many are effective.
The Analysis Statistics section at the bottom displays the percentage of libraries analyzed, and the number of effective and non-effective security alerts.
When an effective vulnerability is identified, a detailed call graph presents the complete paths from the proprietary code to the vulnerable functionality.
This pinpoints the exact location of the vulnerable functionality and the path that leads to it.
The call graph shows developers where each reference occurs, including the file name, class name, and line number in the code.
These details considerably shorten review and remediation time, saving precious resources, and help organizations fix their critical vulnerabilities faster.
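The reachability check described above, written out as an added example (not code from the original page and not the product's own implementation): a breadth-first search over a call graph decides whether any proprietary method can reach a vulnerable library method, and if so records the chain of call sites with file and line number. The call graph, the advisory ids, the method names and the file paths are all constructed sample data for this example.

```python
from collections import deque

# Constructed call graph (sample data for this example, not output of any real scan).
# caller -> list of (callee, source file, line number of the call site).
# Proprietary code lives under "app.", third-party library code under "lib.".
CALL_GRAPH = {
    "app.OrderController.create": [
        ("app.OrderService.save", "app/OrderController.java", 42),
        ("lib.json.Parser.parse", "app/OrderController.java", 57),
    ],
    "app.OrderService.save": [
        ("lib.orm.Session.commit", "app/OrderService.java", 88),
    ],
    "app.ReportJob.run": [
        ("lib.xml.Reader.read", "app/ReportJob.java", 23),
    ],
    "lib.json.Parser.parse": [
        ("lib.json.Parser.parseValue", "lib/json/Parser.java", 110),
    ],
    "lib.xml.Reader.read": [
        ("lib.xml.Reader.readEntity", "lib/xml/Reader.java", 301),
    ],
    # Library-internal caller that no proprietary code ever reaches.
    "lib.xml.Reader.readDoctype": [
        ("lib.xml.Reader.readEntity", "lib/xml/Reader.java", 350),
    ],
}

# Constructed advisories with hypothetical ids: library -> vulnerable methods.
ADVISORIES = {
    "ADV-XML-1": {"library": "lib.xml", "vulnerable_methods": {"lib.xml.Reader.readEntity"}},
    "ADV-XML-2": {"library": "lib.xml", "vulnerable_methods": {"lib.xml.Reader.readDoctype"}},
    "ADV-JSON-1": {"library": "lib.json", "vulnerable_methods": {"lib.json.Parser.parseValue"}},
}


def proprietary_roots(graph, prefix="app."):
    """Entry points for the search: every proprietary method that appears as a caller."""
    return [fn for fn in graph if fn.startswith(prefix)]


def find_path(graph, roots, targets):
    """Breadth-first search from the proprietary roots. Returns the shortest chain of
    call sites (caller, callee, file, line) that reaches any target method, or None
    when no proprietary code reaches the vulnerable functionality."""
    queue = deque((root, []) for root in roots)
    seen = set(roots)
    while queue:
        fn, hops = queue.popleft()
        if fn in targets:
            return hops
        for callee, file, line in graph.get(fn, []):
            if callee not in seen:
                seen.add(callee)
                queue.append((callee, hops + [(fn, callee, file, line)]))
    return None


def classify(graph, advisories, prefix="app."):
    """Mark each advisory effective (reachable from proprietary code) or not."""
    roots = proprietary_roots(graph, prefix)
    results = {}
    for adv_id, adv in advisories.items():
        path = find_path(graph, roots, adv["vulnerable_methods"])
        results[adv_id] = {"library": adv["library"], "effective": path is not None, "path": path}
    return results


def summarize(results):
    """Counts for an analysis-statistics style summary."""
    effective = sum(1 for r in results.values() if r["effective"])
    return {"effective": effective, "non_effective": len(results) - effective}


def format_path(path):
    """Render the chain as caller (file:line) hops, the detail a developer needs to find the reference."""
    if not path:
        return ""
    hops = " -> ".join(f"{caller} ({file}:{line})" for caller, _, file, line in path)
    return f"{hops} -> {path[-1][1]}"


if __name__ == "__main__":
    results = classify(CALL_GRAPH, ADVISORIES)
    # Effective vulnerabilities first: that is the remediation order.
    for adv_id, r in sorted(results.items(), key=lambda kv: not kv[1]["effective"]):
        status = "EFFECTIVE" if r["effective"] else "not effective"
        print(f"{adv_id} [{r['library']}]: {status}")
        if r["path"]:
            print("   " + format_path(r["path"]))
    print(summarize(results))
```

Two of the three constructed advisories come out effective; ADV-XML-2 does not, even though the vulnerable method is called inside the library, because no proprietary code reaches it. One caveat when acting on such a result: a static call graph cannot see calls made through reflection, dynamic dispatch, deserialization callbacks or runtime plugin loading, so "not effective" should lower a finding's priority, not be read as proof that the code path is unreachable.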