Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.
Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches.
AppSec teams now get intel about how difficult a given upgrade can be, including what could break. This makes it easy to have conversations with Engineering about scoping security fixes and setting service-level agreements (SLAs). And when the evidence indicates the cost of upgrading will be too high, such as in the case of a foundational package that could take months or years to upgrade, teams can choose to immediately mitigate the vulnerability with a backported security patch maintained by Endor Labs.
Marcelo Oliveira, VP of Product Management at Endor Labs, said: “One of the best characteristics of OSS is the degree of constant improvement—there’s a regular flow of upgrades to just about every package. However, the merits can often be outweighed by the dangers. With these new capabilities, teams can clear this hurdle by sharply reducing the work required to understand the impact of dependency upgrades, and stay safe when the risk of upgrades is too high. It’s always been our mission to make security less of a burden on software engineers, and with this launch we continue to help security teams become better partners.”
Endor Labs uses program analysis at the time of build to see exactly which third-party dependencies are used and how they interact with the application code. A deep understanding of the application is what makes it possible to get an accurate software inventory, eliminate noise based on reachability, and accurately predict breaking changes.
Upgrade Impact Analysis: By extending the program analysis engine to identify unintended consequences such as breaking changes to an application, AppSec teams can manage risk in the context of difficulty. Because they understand how various fix options will impact the application, they can:
- Improve Return on Investment of Remediation Efforts: Identify which upgrades can have the highest security impact in conjunction with the effort it takes
- Give Time Back to Developers: Reduce the need for manual research by providing developers with a prioritized list of upgrades ranked by complexity and impact
- Address Risks Faster: Make informed estimations of fix efforts with standardized research so they can quickly implement low effort/low risk fixes and make prioritization decisions for complex fixes.
Endor Magic Patches eliminate the hassle of hard-to-perform upgrades by providing security patches that are backported to the vulnerable version. The source code, patches, test, build and deploy steps are available to inspect, and the builds are completely reproducible and hermetic. AppSec teams can:
- Respond to Emerging Threats: Be ready for the next Spring4Shell with peace of mind that they can obtain a patch to ensure the organization stays safe while the team works to upgrade dependencies
- Balance Developer Workloads: Reduce the urgency of upgrading so developers can focus on releasing their planned features without unexpected delays
- Support FedRAMP Compliance: Mitigate vulnerability risk to protect sensitive information in alignment with government requirements.
Industry News
Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.
Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.
Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.
Check Point® Software Technologies Ltd.(link is external) launched its inaugural AI Security Report(link is external) at RSA Conference 2025.
Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.
Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.
vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.
Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.
Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.
Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.
SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.
Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.
Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.