Cybersecurity leader Trend Micro is partnering with application security platform Snyk to fight vulnerabilities in open-source software. The research behind the announcement found that open-source libraries cause security flaws in 70% of apps. Snyk itself has observed a 2.5x growth in open-source vulnerabilities over the past three years. Open-source software is nonetheless vital to the advancement of the software development industry: Snyk estimates that around 80% of applications today are open-source.
In their Market Guide for Software Composition Analysis (paywall), Gartner recently stated:
“Open-source software is used in nearly all organizations. This introduces risks from readily exploitable vulnerabilities; an expanded attack surface through which malware and malicious code can gain access, compromising proprietary code and infrastructure; and legal and intellectual property exposures.”
The new SaaS solution co-built by Trend Micro and Snyk called ‘Trend Micro Cloud One – Open Source Security by Snyk’ is designed to provide continuous insight into open-source vulnerabilities. Geva Solomonovich, Global Alliances CTO at Snyk, commented:
“Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organisations safer. Adding Snyk’s developer-first security technology to Trend Micro’s Cloud One allows more customers to tackle open source risk on a single platform, minimising the need to manage multiple vendors and tools. We look forward to our continued collaboration with Trend Micro to foster more innovative, effective ways to solve key security concerns for our customers.”
The cloud service is a unified solution that tackles challenges between security and development teams – such as mismatched toolsets, process gaps, and communications issues. Kevin Simzer, Chief Operating Officer at Trend Micro, said:
“With this one solution, we’re able to solve several problems and use technology to bridge internal gaps. This offering can save over 650 hours of development time per application through increased automation, helps to manage risk and liability with license requirements, and gives security teams visibility into a part of our functional code base that has not been accessible before.”
Indirect open-source dependencies that security and developer teams may not even be aware of can pose a serious threat. The built-in automation features of the solution ensure that all teams can quickly identify such dependencies. The companies estimate that around eight hours can be saved per vulnerability thanks to this automation.
The service is available along with the entire Cloud One platform on AWS Marketplace.