How to Prevent Components With Known Vulnerabilities
One option is not to use components that you did not write. But that is not very realistic. Most component projects do not create vulnerability patches for old versions; instead, they simply fix the problem in the next version. Upgrading to these new versions is therefore critical.
Hdiv vulnerable software detection tools promote a more pragmatic approach, analysing software dependencies both at build time and at runtime, to easily detect vulnerable pieces of software that should be replaced with newer versions. The tools are designed to cover the whole application lifecycle:
- Fast Feedback: By integrating vulnerable software detection into the build, our tools provide fast feedback so that vulnerable pieces can be replaced as soon as possible. This avoids the higher cost incurred when they are detected later in the lifecycle.
- Complete lifetime protection: Most tools that attempt vulnerable software detection are limited to build time. Hdiv software tools extend that to protect applications during their complete lifetime, from early integration right up to production. This pragmatic approach allows vulnerabilities to be detected in software that may no longer be under development but whose dependencies have been found vulnerable after some time (e.g. the Heartbleed bug in OpenSSL).
- Automatic Vulnerabilities Dashboard: Another interesting feature of the Hdiv tool is that in production (or pre-production) environments it keeps track of all those vulnerabilities in a centralized place, giving system administrators all this information at a glance, without having to manually run additional checks.
Hdiv flow control minimizes the exposed vulnerable surface, while SDLC and runtime detection together prevent the use of vulnerable libraries.
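As an added illustration (not Hdiv's code), the following Python sketch applies one version-range check to both inputs the page describes: a build-time dependency manifest and the components actually present at runtime, so a library that became vulnerable after release (the Heartbleed case) is still caught in production. The advisory table, the hypothetical `examplelib` entry and the pip-style `name==version` manifest format are constructed assumptions.

```python
from importlib import metadata
import ssl

# Constructed sample advisory table: (component, first affected, first fixed, note).
# The OpenSSL entry mirrors the Heartbleed range (1.0.1..1.0.1f, fixed in 1.0.1g); examplelib is hypothetical.
ADVISORIES = [
    ("openssl", "1.0.1", "1.0.1g", "Heartbleed: TLS heartbeat over-read"),
    ("examplelib", "2.0.0", "2.3.1", "hypothetical sample advisory"),
]

def parse_version(text):
    """Dotted version -> comparable tuple; an OpenSSL letter suffix ("1.0.1f") ranks after the bare release."""
    parts = []
    for piece in text.strip().lower().split("."):
        digits = piece.rstrip("abcdefghijklmnopqrstuvwxyz")
        suffix = piece[len(digits):]
        parts.append(int(digits) if digits.isdigit() else 0)
        parts.append(ord(suffix[0]) - ord("a") + 1 if suffix else 0)
    while len(parts) > 1 and parts[-1] == 0:   # normalise so "2.0" == "2.0.0"
        parts.pop()
    return tuple(parts)

def find_vulnerable(components, advisories=ADVISORIES):
    """components: {name: version}. Returns [(name, version, note)] for versions inside an advisory's [introduced, fixed) range."""
    hits = []
    for name, version in components.items():
        current = parse_version(version)
        for comp, introduced, fixed, note in advisories:
            if comp == name.lower() and parse_version(introduced) <= current < parse_version(fixed):
                hits.append((name, version, note))
    return hits

def parse_manifest(text):
    """Build-time input: pinned 'name==version' lines (pip requirements style, comments allowed)."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            deps[name.strip().lower()] = version.strip()
    return deps

def runtime_components():
    """Runtime input: the TLS library actually linked into this interpreter plus every installed distribution."""
    vendor, _, rest = ssl.OPENSSL_VERSION.partition(" ")   # e.g. "OpenSSL 3.0.13 30 Jan 2024"
    comps = {vendor.lower(): rest.split()[0]} if rest else {}
    for dist in metadata.distributions():
        if dist.metadata["Name"]:
            comps[dist.metadata["Name"].lower()] = dist.version
    return comps
```

Running `find_vulnerable(parse_manifest(open("requirements.txt").read()))` in CI and `find_vulnerable(runtime_components())` from a health check gives the same verdict for the same advisory data at both points in the lifecycle.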