FOR THE CIO, CISO, AND CFO
The JEAS value proposition is simple: provide better security for your enterprise applications with less impact on your technical teams. The combination of advanced machine learning technology for detecting application vulnerabilities and automated remediation capabilities provides organizations with a new level of security.
1. All Applications Introduce Security Risks
- According to the National Institute of Standards and Technology (NIST), 90% of enterprise applications are vulnerable.
- Network security does not protect applications.
- Many applications are designed to run in browsers, where new threats are discovered every day.
2. Machine Learning Sets a New Standard of Security
- It stops hackers before they start by using deep learning to detect and fix vulnerabilities during development, before the code is deployed.
- It automatically detects and remediates vulnerabilities in source code. No compilation is required, resulting in much higher speed and reduced impact on development teams.
- It gives developers the help they need by directly providing them with highly accurate findings coupled with easy-to-apply fix recommendations.
- It produces far fewer false positives than competitive solutions, saving expensive development time.
- It is always up to date. Jaroona learns how to identify new vulnerabilities and code fixes from thousands of new publications daily in more than 3,000 security databases worldwide.
3. Fixing Vulnerabilities Early is Highly Cost Effective
- Jaroona finds and fixes vulnerabilities in source code during development.
- Most current approaches look for vulnerabilities in completed code, either during application testing, deployment, or even after the application is live. Fixing an exploit after release can be 640 times more expensive than fixing it during development (data from Applied Software Measurement: Global Analysis of Productivity and Quality by Capers Jones).
- For an organization maintaining a code base with 1 million lines of code, each 20% increase in the number of exploits that are fixed during development can save €320,000 annually.
- This graphic illustrates how costly it can be to fix vulnerabilities late in the process:
- The red line shows how expensive it is to fix vulnerabilities at different points in the development cycle. A fix made during initial coding costs only €25, while a fix made post-release typically costs €16,000.
- The blue line shows where vulnerabilities are introduced into the code base. You can see that the great majority, 85%, are introduced during coding.
To estimate the financial benefits of implementing Jaroona for your organization, use this cost/benefit calculator with the following inputs:
- Size of Code Base (lines of code)
- % of Code Changed Annually (the industry average is 20%)
- Total Vulnerabilities Created Annually (based on the industry standard of 1 vulnerability introduced per 2,000 lines of code changed)
- % of Vulnerabilities Currently Fixed Post-Release (the industry average is 60%)
The metrics used in this cost/benefit calculator are from Applied Software Measurement: Global Analysis of Productivity and Quality by Capers Jones.
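The arithmetic behind the calculator and the €320,000 figure above, as an added example that is not part of the original page or of Jaroona's own calculator. It uses only the figures quoted on the page (1 vulnerability per 2,000 changed lines, €25 per in-development fix, €16,000 per post-release fix, 20% annual code change, 60% fixed post-release) and assumes, since the page does not state it as a formula, that the annual saving is the number of vulnerabilities moved from post-release fixing to in-development fixing multiplied by the per-fix cost difference:

```python
"""Cost/benefit estimate for fixing vulnerabilities early versus post-release.

Reconstructed from the figures on this page; the saving formula itself is an
assumption (vulnerabilities shifted x per-fix cost difference), not a formula
the page states.
"""
from dataclasses import dataclass
from typing import Optional

# Figures quoted on the page (Capers Jones, Applied Software Measurement).
LOC_PER_VULNERABILITY = 2_000     # 1 vulnerability per 2,000 changed lines
COST_FIX_IN_DEVELOPMENT = 25      # EUR, fix made during initial coding
COST_FIX_POST_RELEASE = 16_000    # EUR, fix made after release


@dataclass
class CodeBase:
    """Calculator inputs; defaults are the industry averages the page cites."""
    lines_of_code: int
    pct_changed_annually: float = 20.0     # industry average per the page
    pct_fixed_post_release: float = 60.0   # industry average per the page

    def lines_changed(self) -> int:
        """Lines of code changed per year."""
        return round(self.lines_of_code * self.pct_changed_annually / 100)

    def vulnerabilities_per_year(self) -> int:
        """Vulnerabilities introduced per year at 1 per 2,000 changed lines."""
        return self.lines_changed() // LOC_PER_VULNERABILITY

    def annual_fix_cost(self, pct_post_release: Optional[float] = None) -> int:
        """Total EUR spent per year fixing this year's vulnerabilities.

        Vulnerabilities not fixed post-release are assumed to be fixed during
        development (the page's two cost points).
        """
        pct = self.pct_fixed_post_release if pct_post_release is None else pct_post_release
        vulns = self.vulnerabilities_per_year()
        fixed_post_release = round(vulns * pct / 100)
        fixed_in_development = vulns - fixed_post_release
        return (fixed_post_release * COST_FIX_POST_RELEASE
                + fixed_in_development * COST_FIX_IN_DEVELOPMENT)

    def savings_from_shifting(self, pct_points_shifted: float) -> int:
        """EUR saved per year if pct_points_shifted percentage points of the
        vulnerabilities move from post-release fixing to in-development fixing."""
        current = self.annual_fix_cost()
        improved = self.annual_fix_cost(self.pct_fixed_post_release - pct_points_shifted)
        return current - improved


def cost_multiplier() -> int:
    """How many times more a post-release fix costs than an in-development fix."""
    return COST_FIX_POST_RELEASE // COST_FIX_IN_DEVELOPMENT


if __name__ == "__main__":
    # The page's worked case: 1 million lines of code, 20% fixed earlier.
    cb = CodeBase(lines_of_code=1_000_000)
    print(f"Vulnerabilities introduced per year: {cb.vulnerabilities_per_year()}")
    print(f"Current annual fix cost:             EUR {cb.annual_fix_cost():,}")
    print(f"Saving from fixing 20% more early:   EUR {cb.savings_from_shifting(20):,}")
    print(f"Post-release / in-development cost:  {cost_multiplier()}x")
```

With the page's inputs, 1 million lines at 20% change yields 200,000 changed lines and 100 new vulnerabilities a year; moving 20 of them from post-release (€16,000 each) to development (€25 each) saves €319,500, which is the €320,000 the page rounds to, and the €16,000/€25 ratio is the 640x factor quoted above.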
4. Traditional Solutions Have Severe Limitations
- Rule-based Static Application Security Testing (SAST) can be slow and inaccurate. This approach generates a high number of false positives, wasting resources on “detected vulnerabilities” that do not actually pose a danger. And it is too slow to adequately defend against rapidly evolving threats.
- Dynamic Application Security Testing (DAST) requires a labor-intensive setup process, which also introduces the possibility of errors. In addition, it is a poor fit for agile development teams due to the requirement for full code compilation.
- Interactive Application Security Testing (IAST) is costly and does not provide complete coverage.
- None of the above solutions offer automated remediation suggestions.