To meet the growing demand for Oracle Container Engine for Kubernetes (OKE) with global organizations, Oracle Cloud Infrastructure (OCI) is introducing new capabilities that can boost the reliability and efficiency of large-scale Kubernetes environments while simplifying operations and reducing costs.
AppSec Bugs: A Case of Déjà Vu for JIT Compilers
September 30, 2019
Just-in-time (JIT) compilers have had their fair share of bug-fighting experience. Before movies like Wargames and Hackers inspired the first generation of breakers, most users were concerned with the speed, or lack thereof, of their programs. The compiler community responded with JIT compilers to accelerate application performance.
Then in the mid 90s, memory management bugs were the plague of the programming industry. Again, the runtime/compiler community realized they could solve this problem with automatic memory management inside the JIT compiler.
Security Bugs: An Evolving Threat
Today, performance bugs and memory bugs are the least of the worries facing the developer community. Instead, a new crisis has surfaced: security bugs. Security bugs are so much more concerning than the other bugs because security bugs will get you "pwned!"
To tackle this, there has been a deluge of scanning and filtering tools developed for programmers to find code flaws. DevOps tools like static, dynamic and interactive application security testing (SAST, DAST, IAST), and runtime application self-protection (RASP), or network tools like intrusion detection or prevention systems (IDS, IPS), and unified threat management (UTM), all find or filter vulnerabilities but do nothing to fix the underlying vulnerable code. For that, there are only two ways that buggy code can be modified and fixed: with a human programmer or a JIT compiler.
New Roles for JIT Compilers
State-of-the-art JIT compilers today are constantly looking for ways to optimize executing code by learning and analyzing everything about an application's code. This deep application code intelligence, which was so effectively applied to performance bugs and memory management bugs in the past, is now being applied to discover and remediate security bugs.
In this security context, the JIT compiler leverages existing analysis of application code to additionally analyze for security vulnerabilities. When it finds one, it's a seamless step to fix it: The JIT compiler simply rewrites the vulnerable code with the necessary security controls to fix the underlying vulnerability.
Benefits of JIT Compilers
Since this analysis and change is done in the runtime, the JIT compiler also adds a layer of security without having to modify any source code.
The benefits of this can be liberating for DevOps teams that face disruption to existing projects every time a new vulnerability is exposed. Given that more than 22,000 vulnerabilities were discovered in 2018, this ability to protect applications without requiring programmer resources allows development teams to apply fixes during periods where they will have the least impact on the business.
Further, for many organizations that have legacy code, they may no longer be able to access the source code for fear that any modifications could prove catastrophic to the application. For security remediation, the JIT compiler can be used to remediate vulnerabilities in the byte code — not the source code — reducing or eliminating the risks that often lead to broken applications.
The threat that security bugs pose to businesses keeps many a DevOps team up at night. But to JIT compilers, this isn't their first rodeo. In fact, it's just another case of déjà vu.
Industry News
March 20, 2023
Perforce Software joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program and listed its free Enhanced Studio Pack (ESP) in AWS Marketplace.
March 20, 2023
Aembit, an identity platform that lets DevOps and Security teams discover, manage, enforce, and audit access between federated workloads, announced its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures.
March 16, 2023
Hyland released Alfresco Content Services 7.0 – a cloud-native content services platform, optimized for content model flexibility and performance at scale.
March 16, 2023
CAST AI has announced the closing of a $20M investment round.
March 15, 2023
Check Point® Software Technologies introduced Infinity Global Services, an all-encompassing security solution that will empower organizations of all sizes to fortify their systems, from cloud to network to endpoint.
March 15, 2023
OpsCruise's Kubernetes and Cloud Service observability platform is certified to run on the Red Hat OpenShift Kubernetes platform.
March 14, 2023
DataOps.live released an update to the DataOps.live platform, delivering productivity for data teams.
March 14, 2023
CoreStack and Zensar announced a strategic global partnership. CoreStack will provide its AI-powered NextGen cloud governance and FinOps capabilities, complementing Zensar’s composable cloud operations offering.
March 14, 2023
Delinea introduced the Delinea Platform, a cloud-native foundation for Delinea's PAM solutions that empowers end-to-end visibility, dynamic privilege controls, and adaptive security.
March 13, 2023
Sysdig announced a new foundation that will serve as the long-term custodian of the Wireshark open source project.
March 13, 2023
Talend announced the latest update to Talend Data Fabric, its end-to-end platform for data discovery, transformation, governance, and sharing.
March 13, 2023
Descope has raised $53M in seed funding and emerged from stealth to launch a frictionless, secure, and developer-friendly authentication and user management platform.
March 09, 2023
Loft Labs announced Loft v3 with new capabilities and flexibility for platform teams to build and enable their development teams with a self-service Kubernetes.
March 09, 2023
AWS Application Composer is now generally available.
