HCL AppScan Expands its Software Supply Chain Security Capabilities with Active Application Security Posture Management

MOUNTAIN VIEW, CA, and NOIDA, India – (May 7, 2024) - HCLSoftware, a global leader in enterprise software solutions, announced today at RSA Conference (RSAC) 2024 in San Francisco, the launch of HCL AppScan Supply Chain Security (in partnership with OX Security), an active application security posture management platform to help organizations improve the security of their software supply chains. RSAC is one of the largest events worldwide dedicated to bringing together thousands of cybersecurity industry professionals.

In today's Digital+ economy, where innovation and agility are keys to success, ensuring the security of the entire software supply chain is more critical than ever. Supply chain attacks have increased exponentially as developers have adopted wider and wider use of open source and third-party applications, often with little attention to the vulnerabilities and risks that they bring.

The use of these out-of-the-box open source and third-party solutions is key to maintaining the fast pace of software development. Development time is greatly reduced if a team does not have to develop a portion of code or a software component from scratch.

“What we are seeing globally is that the use of open-source components and libraries have not received nearly the same level of security scrutiny that is applied when writing proprietary code.” said Rajesh Iyer, Executive Vice President, HCLSoftware. “The risk that organizations are facing requires a whole new level of oversight and visibility.”

High-profile events such as the 2020 SolarWinds attack, which was perpetrated by Russian sponsored hackers, was a watershed moment for software supply chain security. Since then, we have witnessed other attacks from the 2021 discovery of vulnerabilities in the popular Log4j open-source software to a 2024 malicious backdoor in the xz software library.

Some of the most significant attacks in 2023 were aimed at Telecom and IT where VoIP and file transfer software were targeted impacting thousands of businesses and millions of individuals costing close to $10 billion in damages. Healthcare care groups and the financial sector were notable targets impacting millions of patients whose social security numbers were stolen, while millions had their financial information exposed. Unfortunately, these attacks have become all too common.

As the number and severity of costly software supply chain attacks has risen there has been a steady increase in government compliance standards around the world. The recent US executive order 14028 is a good example that defines which software components are critical and the security measures needed for their use.

All of this is driving organizations to reconsider their entire approach to risk management and a demand for full end-to-end visibility and oversight of every aspect of their software development. In response to this overwhelming need, HCLSoftware delivers increased benefits to customers with the launch of HCL AppScan Supply Chain Security in partnership with OX Security.

HCL AppScan Supply Chain Security provides customers with the increased benefits of Active Application Security Posture Management (Active ASPM), a pioneering approach that empowers organizations to maintain a proactive security posture across their entire software landscape. Active ASPM integrates best-in-class application security testing with robust posture management and software supply chain security. This complete package provides you with full visibility of all risk factors and in-depth assessment tools that let you triage and remediate vulnerabilities in record time.

Highlights include:

  • Pipeline Bill of Materials (PBOM) is a dynamic list of everything a piece of software has gone through and provides unparalleled visibility from code to cloud and traceability from cloud to code.
  • Prioritize risk with active context that classifies all application components based on environment, attack vectors, and business criticality.
  • Maintain software pipeline integrity from a single location where you can collect all data and orchestrate DevSecOps activities
  • Seamlessly integrate your SAST, DAST, and SCA test findings into centralized dashboards for faster triage.
  • Automate No-code workflows to quickly push action items to the right people for faster remediation times.

According to Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, "Increasing attacks on the software supply chain pose a significant business risk to medium and large-scale organizations. Many of them are struggling to identify security blind spots within their development pipelines. To stay ahead of these attacks more effectively, organizations should consider solutions like HCL AppScan Supply Chain Security to automate their discovery, prioritization, and remediation efforts based on exploitability insights."

For more information about HCL AppScan Supply Chain Security release, please visit: https://www.hcl-software.com/appscan.


About HCLSoftware

HCLSoftware, the software business division of HCLTech, fuels the Digital+ economy by developing, marketing, selling and supporting solutions in four key areas: digital transformation; data and analytics; AI and intelligent automation and enterprise security. HCLSoftware drives customer success through relentless product innovation for more than 20,000 organizations, including a majority of the Fortune 100 and almost half of the Fortune 500.