Developers increasingly rely on third-party libraries and frameworks to build apps. Some of these libraries have vulnerabilities that may remain undetected because the libraries are buried deep in the dependency supply chain. Security engineers in organizations with hundreds of apps often struggle to determine the impact of a vulnerability across their software portfolio, to react to zero-day vulnerabilities in a timely manner, and to get them fixed. Traditional tools take a top-down approach: each app is scanned for underlying vulnerabilities and issues are reported in isolation, but the overall impact across apps remains a mystery, and the response to newly reported vulnerabilities is delayed. That's where VCube Security comes in to help.
VCube has built a universal dependency graph of all libraries and mapped them so that it can identify all libraries that depend on others and vice versa. An organization can attach its application dependencies to the graph to instantly get a view into library usage and the impact of all vulnerabilities across its portfolio. In addition, VCube provides a single communication channel for the library vendor, the consuming security engineer, and the developer to get real-time updates and app fix recommendations for zero-day vulnerabilities.
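The reverse lookup described above can be sketched as follows. This is an added example, not VCube's code: the library names, app names, and function names are all constructed for illustration. It attaches a small app portfolio to a library graph and, for one vulnerable library, returns every impacted app together with the dependency chain that pulls the library in.

```python
from collections import defaultdict, deque

# Constructed sample data: library -> libraries it depends on directly.
LIBRARY_DEPS = {
    "web-framework": ["http-client", "template-engine"],
    "http-client": ["tls-lib"],
    "template-engine": [],
    "report-tool": ["pdf-lib"],
    "pdf-lib": ["compress-lib"],
    "tls-lib": ["compress-lib"],
    "compress-lib": [],
}

# Constructed sample portfolio: application -> direct dependencies.
APP_DEPS = {
    "billing-app": ["web-framework"],
    "hr-portal": ["report-tool", "template-engine"],
    "status-page": ["template-engine"],
}

def build_reverse_graph(library_deps, app_deps):
    """Map each library to the nodes (libraries or apps) that depend on it."""
    dependents = defaultdict(set)
    for graph in (library_deps, app_deps):
        for node, deps in graph.items():
            for dep in deps:
                dependents[dep].add(node)
    return dependents

def impacted_apps(vulnerable_lib, library_deps, app_deps):
    """Return {app: shortest dependency chain from app down to vulnerable_lib}."""
    dependents = build_reverse_graph(library_deps, app_deps)
    chains = {vulnerable_lib: [vulnerable_lib]}
    queue = deque([vulnerable_lib])
    while queue:
        node = queue.popleft()
        for parent in sorted(dependents.get(node, ())):
            if parent not in chains:  # visited check also guards against cycles
                chains[parent] = [parent] + chains[node]
                queue.append(parent)
    return {app: chains[app] for app in app_deps if app in chains}

if __name__ == "__main__":
    for app, chain in impacted_apps("compress-lib", LIBRARY_DEPS, APP_DEPS).items():
        print(f"{app}: {' -> '.join(chain)}")
```

The returned chain shows which intermediate library a team would need to upgrade or replace when the vulnerable one is not a direct dependency.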
The VCube team would like to thank Ryan Liu and Dr. Sekhar Sarukkai for providing insightful guidance in building the project, and the UC Berkeley Center for Long-Term Cybersecurity (https://cltc.berkeley.edu/) for providing the necessary funding for the project.