TECHNOLOGY

Code Analysis Based on Deep Learning Networks Drives Unrivaled Accuracy, Speed and Scale for Vulnerability Detection

Outperforms all other solutions

The Jaroona Enterprise Application Security (JEAS) solution leverages the power of deep learning networks to automatically learn from millions of vulnerabilities that have been recorded in public databases since 1999. The reported vulnerabilities were found in open source projects as well as enterprise solutions from the world’s leading IT companies. JEAS outperforms all other commercially available solutions in every key metric: false positive rate, false negative rate, accuracy, speed, and scalability.

Continuously Improves Automatically

The core of the solution is a custom framework that uses deep learning to detect software vulnerabilities: the JEAS Vulnerability Framework. The framework represents program code as vectors that carry the syntactic and semantic information required for vulnerability detection. Semantic context is based on a multi-layered representation of each unique code version, depicting control flow graphs, call graphs, program dependency graphs, and directory structures. The framework delivers detailed, granular information about vulnerability structure, dependencies and semantics in each unique piece of program code to the deep neural network for training and detection. The trained deep neural network encodes these vulnerability patterns and can detect whether target programs that never participated in the training are vulnerable or not. Continuous unsupervised learning from millions of commits enables JEAS to incorporate knowledge from new vulnerabilities and fixes every day, resulting in a system that is always up to date.

Greatly Reduces False Positives and False Negatives

The diversity, scale and semantics of the vulnerability data used in continuous training, accompanied by deep learning architectures tailored to various kinds of vulnerabilities, enable JEAS to greatly reduce both false positives and false negatives. This results in very high accuracy and precision at unprecedented speed and scale.

Pinpoints Vulnerabilities in Target Code

The unique insights of the JEAS Vulnerability Framework are based on encoded and learned vulnerability patterns combined with a convolutional feature activation map. This enables the system to pin down the exact location of each vulnerability in the target code, highlighting any contributing function or statement with different color intensity based on its importance or contribution rate to each vulnerability.

Highly Extensible

The JEAS Vulnerability Framework is an extensible and language-agnostic vulnerability detection framework designed for incremental and distributed code analysis. This flexibility allows us to add support for a new programming language in a matter of weeks.

The New Best-in-Class

Invented by the Jaroona R&D team, the JEAS Framework extends the current state of the art beyond what rule-based vulnerability detection solutions are able to achieve. The system greatly reduces reliance on human experts and provides a scalable, feature-rich, enterprise-grade solution across multiple programming languages. It currently incorporates 121 common weaknesses, as defined by the Common Weakness Enumeration (CWE), and more types are being added every day.