GrammaTech, a leading provider of software application security testing solutions, has introduced CodeSentry, a new solution that performs binary software composition analysis (SCA) to identify vulnerabilities in third-party code used in custom-developed applications. The new solution exposes blind spots and helps security teams measure and manage risk quickly and easily throughout the software lifecycle.
Because third-party software is delivered in either source or binary form, the organization using it may not know its underlying components. This code can be commercial off-the-shelf (COTS), open-source, or contracted software. CodeSentry can identify those components and the vulnerabilities associated with them, including GUI or network components and authentication layers. Using deep binary analysis, it produces a detailed software bill of materials (SBOM) and a complete list of known vulnerabilities.
The rising number of high-profile attacks that exploit open source has increased the need to inspect third-party code. Unlike accidental vulnerabilities, a growing number of incidents involve malicious code deliberately inserted by attackers seeking to exploit the trust of the open-source community. For this reason, software supply chain risk is receiving more attention, according to a resource.
GrammaTech’s CEO, Mike Dager, stated that organizations now prefer to use third-party components rather than develop applications from scratch in order to speed up time to market, which is driving enormous growth in reusable code. Dager said that most organizations have begun to recognize the security risks that third-party code poses to their applications and business, and the need for the kind of SCA delivered by CodeSentry, which examines binaries for unmatched precision.
GrammaTech’s Chief Product Officer, Vince Arneja, affirmed that customers who use first-generation software composition analysis tools, which depend on source code to detect third-party components, have no visibility into software delivered as binaries and are therefore often at risk. CodeSentry’s ability to analyze binaries and generate a software bill of materials removes this hazardous blind spot so companies can reduce their attack surface.