Deepfactor 3.5 Includes Enhanced Vulnerability Prioritization with EPSS Support and Reachability Analysis for Golang

Deepfactor Release 3.5 Overview

As with every release, we continue to enhance our SCA coverage and priortization capabilities with 3.5. In this release, Deepfactor now offers customers enhanced vulnerability prioritization capabilities including:

Support for EPSS (Exploit Prediction Scoring System) with scoring for vulnerabilities and resources
Reachability analysis for Go applications

Deepfactor Release 3.5 Highlights:

	Features	Enhancements
Core Platform	· Deepfactor CLI (dfctl) for macOS enabling users to scan their artifacts on their development machines
SBOM, SCA & Container Scans	· EPSS (Exploit Prediction Scoring System) scoring for vulnerabilities and resources · Support for scanning Swift and .NET projects to generate SBOM and SCA results	· Support for generating SBOM in SPDX 2.3 format
Runtime SCA	· Reachability analysis for Go applications

Deepfactor Release 3.5 Details:

EPSS: With 3.5 release, we now show Exploit Prediction Scoring System (EPSS) scores for vulnerabilities. EPSS is an initiative by FIRST which takes a data-driven approach for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild in the next 30 days. EPSS leverages machine learning to identify patterns and relationships between the vulnerability information and the exploitation activity that we have collected over time. EPSS has emerged as a valuable metric for prioritization of vulnerabilities and with the addition of EPSS along with runtime reachability, our users can focus their developer teams’ energies in fixing vulnerabilities that represent true risk to their application without being overwhelmed by the large number of findings.

Extended coverage: We continue to increase our coverage with the support for scanning Swift and .NET projects to generate SBOM and SCA results

For additional details on Release 3.5, for both on-prem and SaaS, please review the Release Notes in Deepfactor Docs.

The post Deepfactor 3.5 Includes Enhanced Vulnerability Prioritization with EPSS Support and Reachability Analysis for Golang appeared first on Deepfactor.

*** This is a Security Bloggers Network syndicated blog from Deepfactor authored by Vikas Wadhvani. Read the original post at: https://www.deepfactor.io/deepfactor-3-5-includes-enhanced-vulnerability-prioritization-with-epss-support-and-reachability-analysis-for-golang/