The Qwiet AI team had a great time this past week at the Gartner Risk Summit. There were a lot of interesting sessions, engaging hallway conversations, and I had an opportunity to talk with folks one on one at our booth about the newly released prioritization options we released alongside our new licensing compliance feature.
A common topic that came up was prioritization. Most of the people I spoke with from the AppSec side of the house said they felt frustrated when dealing with results from their existing application scanning tool because there were so many results and so little options for prioritizing what to fix first. One person confided, “Even if I only get 100 results from a scan (which is rare), it may as well be 5000 results, because it’s still a lot of fixes for me to send over to the developers. Despite helping them secure their code, I’m seen as the bad guy because I’m adding to their tech debt.” Conversations like this were in the majority over the 3 days of the conference. Thankfully, I had a solution I could share.
Our preZero platform has always had top-notch accuracy and reachability, but we’re on a constant quest to make it easier for our customer to prioritize their fixes. Our latest update added improved filtering options to help you get to the most important results quicker than before.
So let’s take a look at how you can quickly drill down to the most important vulnerabilities that will have the biggest impact on your overall application risk. We can see from the scan below there are 272 open source vulnerabilities. A lot for any organization to tackle.
So first let’s isolate just the reachable vulnerabilities. Under “Advanced Filters” you’ll see a checkbox to filter on “Reachable”.
That quickly brings us from 272 down to 111. Dramatic improvement, but we can go even further by just selecting the Criticals. This can be done from either the “Severity” drop down (1) or clicking the Red box in the “Reachable” area(2).
Now we’re down to 14 total. A manageable number of results, but we can take it one step further and utilize our Blacklight feature. Go to the “Exploitability” drop down and select “Exploitable”.
This takes you to the 6 critical vulnerabilities that have active exploits targeting them out in the wild. With just 3 clicks you’ve gone from 272 to 111 to 14 and finally to 6. A very quick and easy way to prioritize your remediation efforts to those vulnerabilities that represent the biggest risk to your organization. WIth this approach, our customers can satisfy AppSec’s goal of reducing risk while also keeping development producing secure code without adding tech debt.
It was great rolling this feature out during the Gartner Risk Conference because I was able to get consistent positive feedback demo after demo over 3 days. One of our customers stopped by the booth and after I walked through this new feature with him, he immediately started thinking about how quickly he could get this added into his remediation workflow. This feature is just the start of a whole slew of product enhancements we have planned over the next few months, all with the goal of helping organizations Qwiet the noise and focus on what’s important: producing secure code.