STOCKHOLM, SWEDEN / ACCESSWIRE / November 13, 2024 / FossID, a leading provider of open source software risk management technology and services, announced today the highlights to come in version 24.3 of its Software Composition Analysis (SCA) tool, FossID Workbench.
In response to evolving Application Security (AppSec) challenges related to increasingly complex software supply chains, FossID has focused its next major release on improving the toolset’s ability to surface and communicate actionable security vulnerability and exploitability information.
Highlighted in the upcoming release are:
- VEX (Vulnerability Exploitability eXchange) integration to provide an enhanced security-centric user experience in the Workbench UI, better complementing the license-centric experience. VEX information helps software development teams go beyond identifying the presence of vulnerable components to understand and communicate their potential exploitability and mitigate risks more effectively.
- SBOM (Software Bill of Materials) + VEX support to import, merge and export VEX data within CycloneDX and SPDX SBOM file formats, ensuring compliance with existing and emerging regulatory requirements.
- A security-centric user experience for faster, more intuitive access to security risk-related information.
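To make the SBOM + VEX item concrete, the following is an added example (written for this page, not FossID's code or a description of how Workbench implements the feature) of what "merging VEX data into a CycloneDX SBOM" looks like in practice. It uses the CycloneDX 1.5 JSON vocabulary for the `vulnerabilities` array (`affects[].ref` pointing at a component `bom-ref`, and an `analysis` block with `state`, `justification`, `response` and `detail`). The SBOM, the standalone VEX document, the component names and the vulnerability ids (`EXAMPLE-000x`) are constructed placeholders, not real components or real CVEs. The merge applies two checks a practitioner would want: a VEX statement whose `affects` refs do not resolve to a component in this SBOM is reported rather than silently attached, and a `not_affected` statement with no `justification` is still treated as open because it cannot be audited.

```python
"""Merge a standalone CycloneDX VEX document into a CycloneDX SBOM and
list the vulnerabilities that remain actionable after triage.
Added example; all sample data below is constructed, not a real project."""
import json
from typing import Dict, List, Tuple

# Constructed sample SBOM (CycloneDX 1.5 JSON). Components, bom-refs and
# vulnerability ids are placeholders, not real packages or real CVEs.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {"type": "library", "bom-ref": "pkg:maven/example/parser@1.2.3",
     "name": "parser", "version": "1.2.3"},
    {"type": "library", "bom-ref": "pkg:pypi/example-http@4.0.1",
     "name": "example-http", "version": "4.0.1"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001",
     "affects": [{"ref": "pkg:maven/example/parser@1.2.3"}],
     "analysis": {"state": "in_triage"}}
  ]
}
"""

# Constructed standalone VEX document (also CycloneDX JSON; components omitted).
VEX_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "vulnerabilities": [
    {"id": "EXAMPLE-0001",
     "affects": [{"ref": "pkg:maven/example/parser@1.2.3"}],
     "analysis": {"state": "not_affected",
                  "justification": "code_not_reachable",
                  "detail": "Vulnerable entry point is never called."}},
    {"id": "EXAMPLE-0002",
     "affects": [{"ref": "pkg:pypi/example-http@4.0.1"}],
     "analysis": {"state": "exploitable", "response": ["update"]}},
    {"id": "EXAMPLE-0003",
     "affects": [{"ref": "pkg:npm/not-in-this-sbom@0.1.0"}],
     "analysis": {"state": "exploitable"}}
  ]
}
"""

# CycloneDX analysis states that mean "no action needed" for this product.
CLOSED_STATES = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}


def merge_vex(sbom: dict, vex: dict) -> Tuple[dict, List[str]]:
    """Return (merged SBOM, list of unresolved refs).

    A VEX statement replaces any existing analysis for the same vulnerability id,
    since the VEX document is the later, more specific triage record. A statement
    whose affects refs do not all resolve to a bom-ref in this SBOM is dropped and
    reported instead of being attached to the wrong product.
    """
    known_refs = {c["bom-ref"] for c in sbom.get("components", [])}
    merged = json.loads(json.dumps(sbom))  # deep copy; never mutate the input
    by_id: Dict[str, dict] = {v["id"]: v for v in merged.get("vulnerabilities", [])}
    unresolved: List[str] = []
    for stmt in vex.get("vulnerabilities", []):
        refs = [a["ref"] for a in stmt.get("affects", [])]
        missing = [r for r in refs if r not in known_refs]
        if missing:
            unresolved.extend(missing)
            continue
        by_id[stmt["id"]] = stmt
    merged["vulnerabilities"] = sorted(by_id.values(), key=lambda v: v["id"])
    return merged, unresolved


def actionable(sbom: dict) -> List[Tuple[str, str]]:
    """(vulnerability id, affected bom-ref) pairs that still need action.

    A missing analysis block counts as open: absence of a VEX statement is not
    evidence of non-exploitability. A not_affected claim with no justification
    is also kept open because it cannot be audited.
    """
    out: List[Tuple[str, str]] = []
    for v in sbom.get("vulnerabilities", []):
        analysis = v.get("analysis", {})
        state = analysis.get("state")
        closed = state in CLOSED_STATES
        if state == "not_affected" and not analysis.get("justification"):
            closed = False
        if closed:
            continue
        for a in v.get("affects", []):
            out.append((v["id"], a["ref"]))
    return out


def merged_sbom_and_findings() -> Tuple[dict, List[str], List[Tuple[str, str]]]:
    """Run the merge on the constructed sample data and return all results."""
    merged, unresolved = merge_vex(json.loads(SBOM_JSON), json.loads(VEX_JSON))
    return merged, unresolved, actionable(merged)


if __name__ == "__main__":
    merged, unresolved, findings = merged_sbom_and_findings()
    print(json.dumps(merged, indent=2))
    print("unresolved refs:", unresolved)
    print("actionable:", findings)
```

After the merge, `EXAMPLE-0001` carries the `not_affected` / `code_not_reachable` analysis from the VEX document and drops out of the actionable list, `EXAMPLE-0002` is the only finding left to act on, and the statement about a component that is not in this SBOM is surfaced as an unresolved ref for a human to look at. Exporting is just `json.dumps(merged)`; the same `vulnerabilities` structure is what a downstream consumer reads back in.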
“When it comes to Software Supply Chain security, both private industry and government regulatory requirements have standardized the use of VEX within an SBOM as a common, consistent means of communicating AppSec risk,” said Stuart Dross, CEO. “This latest release provides our clients with the infrastructure they need to comprehensively identify, document and communicate application security risk across their supply chain ecosystems.”
Further expanding on FossID's current software supply chain security capabilities, 24.3 also includes enhancements to existing capabilities such as:
- Continuous CVE monitoring provides both automated in-app and email notifications when a new CVE is published for components known to be in your software project.
- Vulnerable snippet identification highlights precise lines of vulnerable code within your internal "forks" of open-source projects, so that your team can remediate more efficiently and improve your security posture.
- Security Knowledge Base is updated weekly so that you can keep up with ever-changing security vulnerability information.
FossID Workbench 24.3 is expected to be generally available in December 2024 with a product release announcement providing a full list of features and updates.
About FossID
FossID provides software risk management solutions that enable enterprises to leverage open source, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software Composition Analysis (SCA) toolset, FossID also provides open source audit, technical due diligence, and code review services to help clients manage legal, security, and operational software supply chain risk.
Learn more: https://www.fossid.com
Follow us: Blog | LinkedIn | X | GitHub
Media Contact
Aaron Branson
FossID Media Relations
media@fossid.com
SOURCE: FossID
View the original press release on newswire.com.