TuxCare has launched its SecureChain for Java service to bolster software supply chain security through a continuously secured, free repository service.
With 76% of open source code used in commercial code bases, threat groups see the software supply chain as an ever-growing opportunity to reach a vast number of targets.
Cybercriminals understand that open source supply chains are often complex: software relies on numerous third-party open source libraries that in turn depend on other libraries, so a single vulnerability in a popular library becomes a headache for the entire ecosystem.
TuxCare’s SecureChain for Java answers the need to centrally manage a repository of pre-approved and continuously secured open source components. It lets valuable resources stay focused on innovation while giving customers complete visibility into their open source packages and the peace of mind that they are armed with reliable SLAs for security fixes.
“With a significant presence throughout web development, enterprise software, Android app development and more, Java was a clear choice as the first language to be addressed in our new SecureChain service,” said Jim Jackson, President and CRO at TuxCare.
“We’re pleased to offer SecureChain customers a simple, cost-effective and fast way to minimize security risks by ensuring their supply chain dependencies are free of vulnerabilities and malicious code – and TuxCare looks forward to adding additional languages soon,” added Jackson.
Through SecureChain for Java, organizations can also attest to the compliance of their Java supply chain with an assured Software Bill of Materials (SBOM) for each package. Additionally, customers can avoid refactoring costs thanks to the in-place replacement of the currently used package version without the need to adapt the code to changes in the package.