RiskSense,
Inc., pioneering risk-based vulnerability management and
prioritization, today announced a new version of the cloud-delivered
RiskSense platform that harmonizes threat analysis, prioritization and
risk scoring across network-based assets as well as applications. Unlike
competitive approaches which provide separate views of infrastructure
and application vulnerabilities, RiskSense automatically calculates risk
across CVEs and CWEs for a full-spectrum view.
"RiskSense
helps organizations rapidly reduce risk and provides a new
understanding of how applications and their vulnerabilities affect the
entire attack surface," said Dr. Srinivas Mukkamala, CEO of RiskSense.
"This enables customers, for example, to assess security risks present
on servers and the applications running on them in a holistic fashion,
and to take the best, most cost-effective steps to decrease their
exposure".
Unified, Normalized, and Prioritized Full Stack Vulnerability Management
To
provide visibility across both infrastructure and application
vulnerability risk exposure from development through production,
RiskSense aggregates and normalizes outputs from multiple data sources
including SAST, DAST, Open Source Software (OSS), containers, pen
testing and bug bounty programs. This holistic approach enables
organizations to easily pinpoint and fix vulnerabilities in their attack
surface regardless of the application stack, code weakness location, or
infrastructure point.
RiskSense
consumes heterogeneous vendor and application scanner data, including
both CVE and CWE information, incorporates threat context, and
calculates risk as a single unit of measure called the RiskSense
Vulnerability Risk Rating (VRR) to deliver the highest-fidelity risk
prioritization.
The
RiskSense Application Security Dashboard provides developers and DevOps
personnel a global view of application vulnerabilities allowing them to
drill-down to detailed findings and their locations. The OWASP Top 10
and CWE Top 25 Most Dangerous Software Errors are also presented to help
improve developer knowledge and productivity. With full support for
popular ticketing systems, cross-functional teams can manage remediation
assignments step-by-step through to validation, knowing exactly what to
do next.
Availability
The
RiskSense Full Spectrum Risk-based Vulnerability Management solution
with the new Application Security capabilities is available immediately.