Code Analysis Based on Deep Learning Networks Drives
Unrivaled Accuracy, Speed and Scale for Vulnerability
Outperforms all other solutions
The Jaroona Enterprise Application Security (JEAS) solution leverages the power of deep learning networks to automatically learn from millions of vulnerabilities that have been recorded in public databases since 1999. The reported vulnerabilities were found in open source projects as well as enterprise solutions from the world’s leading IT companies. JEAS outperforms all other commercially available solutions in every key metric: false positive rate, false negative rate, accuracy, speed, and scalability.
Continuously Improves Automatically
The core of the solution is a custom framework that uses deep learning to detect software vulnerabilities: the JEAS Vulnerability Framework. The framework represents programming code as vectors that accommodate syntax and semantic information required for vulnerability detection. Semantic context is based on multi-layered representation of each unique code version, depicting control flow graphs, call graphs, program dependency graphs, and directory structures. The framework delivers detailed granular information regarding vulnerability structure, dependences and semantics in each unique program code to the deep neural network for training and detection. The trained deep neural network encodes these vulnerability patterns and can detect whether target programs (that never participated in the training) are vulnerable or not. Continuous unsupervised learning from millions of commits enables JEAS to incorporate knowledge from new vulnerabilities and fixes every day, resulting in a system that is always up to date.
Greatly Reduces False Positives and False Negatives
The diversity, scale and semantics of the vulnerability data used in continuous training, accompanied by deep learning architectures tailored to various kinds of vulnerabilities, enables JEAS to greatly reduce both false positives and false negatives. This results in very high accuracy and precision at unprecedented speed and scale.
Pinpoints Vulnerabilities in Target Code
The unique insights of the JEAS Vulnerability Framework are based on encoded and learned vulnerability patterns combined with a convolutional feature activation map. This enables the system to pin down the exact location of each vulnerability in the target code, highlighting any contributing function or statement with different color intensity based on its importance or contribution rate to each vulnerability.
The JEAS Vulnerability Framework is an extensible and language-agnostic vulnerability detection designed for incremental and distributed code analysis. This flexibility allows us to add support for a new programming language in a matter of weeks.
The New Best-in-Class
Invented by the Jaroona R&D team, the JEAS Framework extends the current state of the art beyond what rule-based vulnerability detection solutions are able to achieve. The system greatly reduces reliance on human experts and provides a scalable, feature-rich, enterprise-grade solution across multiple programming languages. It currently incorporates 121 common weaknesses (as defined by the Common Weakness Enumeration (CWE)) and more types are being added every day.