March 1, 2024

Deepfactor 3.5 Includes Enhanced Vulnerability Prioritization with EPSS Support and Reachability Analysis for Golang

Vikas Wadhvani, Director of Engineering—Product, Deepfactor

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

Deepfactor Release 3.5 Overview

As with every release, we continue to enhance our SCA coverage and prioritization capabilities with 3.5. In this release, Deepfactor offers customers enhanced vulnerability prioritization capabilities, including:

Deepfactor Release 3.5 Highlights:

Core Platform
·       Deepfactor CLI (dfctl) for macOS, enabling users to scan their artifacts on their development machines

SBOM, SCA & Container Scans
·       EPSS (Exploit Prediction Scoring System) scoring for vulnerabilities and resources
·       Support for scanning Swift and .NET projects to generate SBOM and SCA results
·       Support for generating SBOM in SPDX 2.3 format

Runtime SCA
·       Reachability analysis for Go applications

Deepfactor Release 3.5 Details:

EPSS: With the 3.5 release, we now show Exploit Prediction Scoring System (EPSS) scores for vulnerabilities. EPSS is an initiative by FIRST that takes a data-driven approach to estimating the likelihood (probability) that a software vulnerability will be exploited in the wild in the next 30 days. EPSS uses machine learning to identify patterns and relationships between vulnerability information and the exploitation activity collected over time. EPSS has emerged as a valuable metric for vulnerability prioritization, and by combining EPSS with runtime reachability, our users can focus their developer teams’ energies on fixing the vulnerabilities that represent true risk to their application, without being overwhelmed by the large number of findings.

Extended coverage: We continue to increase our coverage with support for scanning Swift and .NET projects to generate SBOM and SCA results.

For additional details on Release 3.5, for both on-prem and SaaS, please review the Release Notes in Deepfactor Docs.


Frequently Asked Questions

1. What is EPSS (Exploit Prediction Scoring System), and how does it enhance vulnerability prioritization in Deepfactor Release 3.5?

Answer: EPSS is an initiative by FIRST that estimates the likelihood of a software vulnerability being exploited in the wild within the next 30 days using a data-driven approach and machine learning. In Deepfactor Release 3.5, EPSS scores are integrated to help users prioritize vulnerabilities effectively, allowing them to focus their efforts on addressing vulnerabilities that pose the highest risk to their applications.

2. What enhancements does Deepfactor Release 3.5 offer for vulnerability scanning and Software Bill of Materials (SBOM) generation?

Answer: Deepfactor Release 3.5 introduces several enhancements for vulnerability scanning and SBOM generation, including EPSS scoring for vulnerabilities and resources, support for scanning Swift and .NET projects, and the ability to generate SBOM in SPDX 2.3 format.

3. What is reachability analysis, and how does it benefit Go applications in Deepfactor Release 3.5?

Answer: Reachability analysis is a feature introduced in Deepfactor Release 3.5 specifically for Go applications. It analyzes which components within a Go application are actually reachable, helping to identify the potential security vulnerabilities or issues that could affect the application’s performance or reliability.
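To make the combination described in the EPSS section above and in this answer concrete, here is an added example in Go. It is not Deepfactor's code and does not reproduce Deepfactor's scoring: the call graph, the finding IDs, the EPSS values and the "fix now" threshold are all constructed for illustration. A breadth-first walk from the program's entry point decides whether each vulnerable dependency function is reachable, and the findings are then ranked reachable-first and by EPSS within each group, so a high-EPSS vulnerability in code the application never calls drops below a reachable one.

```go
package main

import (
	"fmt"
	"sort"
)

// Finding is one SCA result for a dependency: the vulnerable function it
// introduces and the EPSS probability that the vulnerability is exploited in
// the wild within the next 30 days. IDs used below are constructed placeholders.
type Finding struct {
	ID       string
	Package  string
	Function string  // fully qualified vulnerable function, e.g. "pkg.Func"
	EPSS     float64 // 0.0 .. 1.0
}

// CallGraph maps each function to the functions it calls (a constructed graph
// standing in for what a real static or runtime analyzer would build).
type CallGraph map[string][]string

// Prioritized is a finding annotated with reachability and the resulting tier.
type Prioritized struct {
	Finding
	Reachable bool
	Tier      string
}

// fixNowEPSS is a hypothetical policy threshold: reachable findings at or
// above this EPSS probability go to the top tier.
const fixNowEPSS = 0.1

// IsReachable walks the call graph breadth-first from the entry points and
// reports whether target can be reached through any call chain.
func IsReachable(g CallGraph, entries []string, target string) bool {
	visited := make(map[string]bool)
	queue := append([]string(nil), entries...)
	for len(queue) > 0 {
		fn := queue[0]
		queue = queue[1:]
		if fn == target {
			return true
		}
		if visited[fn] {
			continue
		}
		visited[fn] = true
		queue = append(queue, g[fn]...)
	}
	return false
}

// Prioritize combines reachability with EPSS: reachable findings rank above
// unreachable ones regardless of score, and within each group higher EPSS
// ranks first. The tiers are a hypothetical triage policy, not Deepfactor's.
func Prioritize(findings []Finding, g CallGraph, entries []string) []Prioritized {
	out := make([]Prioritized, 0, len(findings))
	for _, f := range findings {
		p := Prioritized{Finding: f, Reachable: IsReachable(g, entries, f.Function)}
		switch {
		case p.Reachable && f.EPSS >= fixNowEPSS:
			p.Tier = "fix now"
		case p.Reachable:
			p.Tier = "schedule"
		default:
			p.Tier = "backlog" // vulnerable code is linked in but never called
		}
		out = append(out, p)
	}
	sort.SliceStable(out, func(i, j int) bool {
		if out[i].Reachable != out[j].Reachable {
			return out[i].Reachable
		}
		return out[i].EPSS > out[j].EPSS
	})
	return out
}

// SampleReport returns constructed inputs: a tiny call graph for a Go service
// and three findings, one of which has the highest EPSS but sits in a
// dependency function the application never calls.
func SampleReport() ([]Finding, CallGraph, []string) {
	graph := CallGraph{
		"main.main":      {"main.serve"},
		"main.serve":     {"yamlutil.Parse", "main.render"},
		"yamlutil.Parse": {"yamlutil.decodeNode"},
		"main.render":    {"tmpl.Execute"},
		"imgutil.Resize": {"imgutil.decodeTIFF"}, // in the module graph, never called
	}
	findings := []Finding{
		{ID: "VULN-A", Package: "yamlutil", Function: "yamlutil.decodeNode", EPSS: 0.72},
		{ID: "VULN-B", Package: "imgutil", Function: "imgutil.decodeTIFF", EPSS: 0.91},
		{ID: "VULN-C", Package: "tmpl", Function: "tmpl.Execute", EPSS: 0.02},
	}
	return findings, graph, []string{"main.main"}
}

func main() {
	findings, graph, entries := SampleReport()
	for _, p := range Prioritize(findings, graph, entries) {
		fmt.Printf("%-7s epss=%.2f reachable=%-5t tier=%s\n", p.ID, p.EPSS, p.Reachable, p.Tier)
	}
}
```

Run as-is, the ranking comes out VULN-A (reachable, fix now), VULN-C (reachable, schedule), VULN-B (backlog): sorting by EPSS alone would have put VULN-B first even though nothing in the application calls it. A real analyzer replaces the constructed CallGraph with the call edges it observes, and the threshold becomes whatever the team's triage policy says.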

4. How does Deepfactor Release 3.5 empower developers in addressing security vulnerabilities effectively?

Answer: Deepfactor Release 3.5 empowers developers by providing them with enhanced vulnerability prioritization capabilities through features like EPSS scoring and reachability analysis. By focusing on vulnerabilities that represent true risk to their applications, developers can allocate their resources more efficiently and address security concerns effectively.


About the Author

Vikas Wadhvani, Director of Engineering—Product, Deepfactor

Vikas is a seasoned engineer and product management professional who has been at the trifecta of product, UX and technology at several startups, transforming ideas to products.
