March 1, 2024

Deepfactor 3.5 Includes Enhanced Vulnerability Prioritization with EPSS Support and Reachability Analysis for Golang

Vikas Wadhvani, Director of Engineering—Product, Deepfactor

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

Deepfactor Release 3.5 Overview

As with every release, we continue to enhance our SCA coverage and priortization capabilities with 3.5. In this release, Deepfactor now offers customers enhanced vulnerability prioritization capabilities including:

Deepfactor Release 3.5 Highlights:

  Features Enhancements
Core Platform ·       Deepfactor CLI (dfctl) for macOS enabling users to scan their artifacts on their development machines
SBOM, SCA & Container Scans ·       EPSS (Exploit Prediction Scoring System) scoring for vulnerabilities and resources

·       Support for scanning Swift and .NET projects to generate SBOM and SCA results

·       Support for generating SBOM in SPDX 2.3 format
Runtime SCA ·       Reachability analysis for Go applications

 

Deepfactor Release 3.5 Details:

EPSS: With 3.5 release, we now show Exploit Prediction Scoring System (EPSS) scores for vulnerabilities. EPSS is an initiative by FIRST which takes a data-driven approach for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild in the next 30 days. EPSS leverages machine learning to identify patterns and relationships between the vulnerability information and the exploitation activity that we have collected over time. EPSS has emerged as a valuable metric for prioritization of vulnerabilities and with the addition of EPSS along with runtime reachability, our users can focus their developer teams’ energies in fixing vulnerabilities that represent true risk to their application without being overwhelmed by the large number of findings.

Deepfactor 3.5 Includes Enhanced Vulnerability Prioritization with EPSS Support and Reachability Analysis for Golang

Deepfactor Release 3.5

 

Extended coverage: We continue to increase our coverage with the support for scanning Swift and .NET projects to generate SBOM and SCA results

For additional details on Release 3.5, for both on-prem and SaaS, please review the Release Notes in Deepfactor Docs.

 

Frequently Asked Questions

1. What is EPSS (Exploit Prediction Scoring System), and how does it enhance vulnerability prioritization in Deepfactor Release 3.5?

Answer: EPSS is an initiative by FIRST that estimates the likelihood of a software vulnerability being exploited in the wild within the next 30 days using a data-driven approach and machine learning. In Deepfactor Release 3.5, EPSS scores are integrated to help users prioritize vulnerabilities effectively, allowing them to focus their efforts on addressing vulnerabilities that pose the highest risk to their applications.

2. What enhancements does Deepfactor Release 3.5 offer for vulnerability scanning and Software Bill of Materials (SBOM) generation?

Answer: Deepfactor Release 3.5 introduces several enhancements for vulnerability scanning and SBOM generation, including EPSS scoring for vulnerabilities and resources, support for scanning Swift and .NET projects, and the ability to generate SBOM in SPDX 2.3 format.

3. What is reachability analysis, and how does it benefit Go applications in Deepfactor Release 3.5?

Answer: Reachability analysis is a feature introduced in Deepfactor Release 3.5 specifically for Go applications. It helps in analyzing the reachability of various components within Go applications, aiding in identifying potential security vulnerabilities or issues that could impact the application’s performance or reliability.

4. How does Deepfactor Release 3.5 empower developers in addressing security vulnerabilities effectively?

Answer: Deepfactor Release 3.5 empowers developers by providing them with enhanced vulnerability prioritization capabilities through features like EPSS scoring and reachability analysis. By focusing on vulnerabilities that represent true risk to their applications, developers can allocate their resources more efficiently and address security concerns effectively.

Free Trial Signup

The Deepfactor trial includes the full functionality of the platform, hosted in a multi-tenant environment.

Sign Up Today! >
SCA 2.0 Whitepaper

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

About the Author

Vikas Wadhvani, Director of Engineering—Product, Deepfactor

Vikas is a seasoned engineer and product management professional who has been at the trifecta of product, UX and technology at several startups, transforming ideas to products.

Subscribe to our monthly eNewsletter and stay up-to-date on everything Deepfactor has to offer!