Jaroona is the developer’s security solution. With Jaroona, developers can stop hackers before they start by using deep learning to detect and remediate vulnerabilities during development. Based on learning from millions of commits and updated daily, Jaroona finds and fixes more vulnerabilities than any other solution. When your code hits production, it’s protected.
Understanding the risk
We live in the era of weaponized AI.
Every day cyber attackers deploy new methods to avoid detection, evade antivirus tools, and detect a user‘s environment and deliver specific and targeted exploits.
For example, in March 2020 Google patched a critical vulnerability known as CVE-2020-0069 that enabled attackers to gain root access on millions of Android devices, including Amazon Kindle Fire tablets and products made by Motorola, Nokia, Sony, OPPO, Alcatel, and many others.
The consequences of a successful attack were disastrous. The vulnerability allows attackers to gain root access, with which they can grant any app on the device any permission. This means a normal app on your device can be hijacked to do whatever the attacker desires.
CVE-2020-0069 is one of thousands of vulnerabilities that hackers can exploit. According to the National Institute of Standards and Technology, there have been 50,031 application vulnerabilities in the last three years. Read more about CVE-2020-0069 and the risks it represents here (link to the Anatomy of a Security Vulnerability page).
It’s time for developers to catch up with attackers and utilize AI to protect their applications.
The best protection starts by writing secure code without vulnerabilities that can be later exploited. Secure code prevents many cyber-attacks from happening because it removes the vulnerabilities they rely on. If your software has a security vulnerability it can be exploited. It’s time for developers to catch up with attackers and utilize AI to protect their applications.
JEAS Assists Developers on the Job
Jaroona automatically and continuously learns about new vulnerabilities, finds them in your own development environment, and fixes them automatically or assists you in fixing them with machine generated remediation or community recommendations.
JEAS Supports all Major Development Environments
JEAS is fully integrated into all major development environments, bringing the power of machine-learning based security right to your fingertips.
JEAS Helps Developers Work more Efficiently
JEAS is there when you need it: when you are coding. It’s constantly looking for vulnerabilities and helps you fix them on the spot. There’s no need to wait until the end of a sprint for testing and remediation.
If You are Skeptical of Code Analyzers, Try JEAS
Many developers are reluctant to use code analyzers due to their history of high false positives, unactionable alerts that consume developer time, and a lack of mitigation support.
JEAS is a new type of code analysis tool. Based on recent advances in NLP (Natural Language Processing) research, JEAS minimizes false positives (<5%) and provides real time mitigation support in a form of machine generated code fixes and automatically mined developer community fix suggestions. JEAS offers an Intellij IDEA plugin to enable effective scanning and mediation. All warnings are brief and actionable.
JEAS was created by developers, for developers. The tool helps you efficiently fix potential vulnerabilities and encourages good programming practices. The fixes are not generic, but specific to the project being developed. The scanning of vulnerabilities is efficient and does not impact the programmer’s productivity.