Business
Qualys Announces Ground-Breaking First-Party Software Risk Management Solution
New solution enables application security teams to detect, prioritize and remediate vulnerabilities within company developed software and embedded open source
About this update from Qualys, Inc.
[{"type":"text","content":"New solution enables application security teams to detect, prioritize and remediate vulnerabilities within company developed software and embedded open source components\nFOSTER CITY, Calif., Aug. 3, 2023 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its award winning risk management platform to AppSec teams to bring their own detections to assess, prioritize and remediate the risk associated with first-party software and its embedded open source components.\n\n \n \n \n \n \n \n\n \nIn the digital transformation era, every organization develops its own software to run its business. This first-party, or company-developed, software often lacks the disciplined vulnerability and configuration management practices used for third-party software. Studies have shown that over 90% of first-party software includes open source components while more than 40% have high risks such as exploitable vulnerabilities. Today, application and security operations teams rely on manual checks or siloed scripts to evaluate the security of first-party software, resulting in ad-hoc security assessment that impedes the ability to prioritize and remediate risk effectively. Furthermore, traditional vulnerability assessment or software composition analysis tools do not detect the presence of embedded open source packages across the production environment. As a result, security teams face challenges in comprehending the true risk, particularly in security breaches like the Log4J incident.\nThe new Qualys solution enables organizations to bring their own detection and remediation scripts created using popular languages like PowerShell and Python to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys ID (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then detects and prioritizes the findings in the same workflow and reporting as used for the third-party software findings. This empowers application and security teams to leverage their own detections to identify sensitive content, assess critical process and application statuses, tag assets based on sensitive or PII data presence, and mitigate risks associated with critical vulnerabilities like Log4J by configuring file ...