
Broadcom Aims to Better Secure Spring Applications in the AI Era

Broadcom today released a raft of updates to the open source Spring framework for building Java applications, primarily to address a wave of vulnerabilities discovered by researchers using artificial intelligence (AI) tools.

At the same time, Broadcom is adding a managed service through which organizations building applications on its distribution of the Spring framework can secure thousands of Spring dependencies. That service is based on the Bitnami clean room technology Broadcom uses to create secure images, and on Tanzu Buildpacks, which automatically convert source code into container images in the Open Container Initiative (OCI) image format.

Broadcom gained access to that platform through its acquisition of VMware. The Spring framework is now part of the Tanzu division of Broadcom, which focuses on Java application development and on the open source Cloud Foundry platform-as-a-service (PaaS) environment, one of the early adopters of the buildpacks approach.

Kevin Strohmeyer, head of marketing for the Tanzu division of Broadcom, said that, collectively, these initiatives highlight Broadcom's ongoing commitment to the Spring framework and its willingness to provide additional services that enable organizations to secure their Java supply chains.

Now that security researchers are using the latest generation of frontier models to find more vulnerabilities, the volume of reports is rising sharply: Broadcom today revealed that the number of monthly security advisories reported to it by the Spring community increased by more than 1,700% from March to April of this year. As a result, enterprise IT organizations are looking to Broadcom for additional services that ensure the patches created to remediate these newly disclosed vulnerabilities are validated and applied as quickly as possible, said Strohmeyer.
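As an added example of the version triage a team performs when such an advisory lands (this is illustrative code, not Broadcom's, Spring's or Bitnami's): the script below parses the coordinate lines printed by `mvn dependency:list`, compares each resolved version against an advisory's affected range using Maven-style ordering (a `-RC1` or `-SNAPSHOT` qualifier sorts below the plain release), and reports the dependencies that need a patch. The advisory entries, version numbers and the dependency listing are constructed for illustration and do not correspond to real Spring advisories.

```python
"""Flag Spring dependencies whose resolved version falls in an advisory's
affected range. Added example; the advisories and the dependency listing
below are constructed, not real data."""
import re
from dataclasses import dataclass

# Coordinate lines as printed by `mvn dependency:list`:
#   [INFO]    groupId:artifactId:type:version:scope
# (the rarer groupId:artifactId:type:classifier:version:scope form is not handled here)
_DEP_RE = re.compile(
    r"^\s*(?:\[INFO\]\s+)?([\w.\-]+):([\w.\-]+):[\w\-]+:([\w.\-]+):\w+"
)


@dataclass(frozen=True)
class Advisory:
    group: str
    artifact: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive upper bound)
    note: str


def parse_version(v: str) -> tuple:
    """Turn '6.1.14' or '3.2.0-RC1' into a comparable tuple.

    Numeric components compare numerically and are padded so 6.1 == 6.1.0.
    A qualified version (RC1, M2, SNAPSHOT) sorts below the plain release
    with the same numbers, which is the ordering Maven applies. Qualifier
    ordering among themselves is simplified to plain string order."""
    base, _, qualifier = v.partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in base.split("."))
    nums = nums + (0,) * (3 - len(nums))
    return (nums, 0 if qualifier else 1, qualifier.upper())


def parse_dependencies(text: str) -> list[tuple[str, str, str]]:
    """Extract (group, artifact, version) from mvn dependency:list output."""
    deps = []
    for line in text.splitlines():
        m = _DEP_RE.match(line)
        if m:
            deps.append((m.group(1), m.group(2), m.group(3)))
    return deps


def affected(deps, advisories) -> list[dict]:
    """Return one finding per dependency that lies in [introduced, fixed)."""
    findings = []
    for group, artifact, version in deps:
        v = parse_version(version)
        for adv in advisories:
            if (adv.group, adv.artifact) != (group, artifact):
                continue
            if parse_version(adv.introduced) <= v < parse_version(adv.fixed):
                findings.append({
                    "coordinate": f"{group}:{artifact}:{version}",
                    "fixed_in": adv.fixed,
                    "note": adv.note,
                })
    return findings


# Constructed advisory feed (hypothetical ranges, not real Spring CVEs).
ADVISORIES = [
    Advisory("org.springframework", "spring-web", "6.0.0", "6.1.15",
             "constructed advisory A"),
    Advisory("org.springframework.security", "spring-security-core",
             "6.2.0", "6.2.8", "constructed advisory B"),
    Advisory("org.springframework.boot", "spring-boot", "3.2.0", "3.2.3",
             "constructed advisory C"),
]

# Constructed `mvn dependency:list` output for a sample Spring Boot service.
DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-web:jar:6.1.14:compile
[INFO]    org.springframework:spring-core:jar:6.1.14:compile
[INFO]    org.springframework.security:spring-security-core:jar:6.2.8:compile
[INFO]    org.springframework.boot:spring-boot:jar:3.2.0-RC1:compile
"""

if __name__ == "__main__":
    for f in affected(parse_dependencies(DEPENDENCY_LIST), ADVISORIES):
        print(f"{f['coordinate']} is affected ({f['note']}); upgrade to {f['fixed_in']}")
```

Of the four resolved artifacts only `spring-web:6.1.14` is reported: `spring-security-core:6.2.8` is exactly the fixed version, so the exclusive upper bound excludes it, and `spring-boot:3.2.0-RC1` sorts below the `3.2.0` lower bound. Getting those two boundary cases right is what separates a useful advisory match from a noisy one.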

It’s not clear what impact this sudden influx of newly discovered vulnerabilities is having on DevSecOps workflows, but the time required to create an exploit continues to fall rapidly in the AI era. In many cases, exploits are now being created before a patch is even available, which is when a vulnerability is genuinely a zero-day.

Ultimately, each organization is going to need to recalibrate its risk appetite. Historically, most organizations worried more that the cure might be worse than the disease: a patch, once deployed, could take an application offline. In the age of AI, however, it’s clear that cybercriminals and other adversaries can exploit a vulnerability within a few hours. The damage inflicted by a breach may prove far more costly than an application being temporarily unavailable.

The challenge, of course, is assessing that risk, because some applications generate millions of dollars in revenue per minute. Measured against the cost of that downtime, the risk attached to an unpatched vulnerability might not seem so high.

Regardless of approach, however, the one thing that is certain is that the way vulnerabilities were managed in the past is never going to be the same in the AI era. In fact, many DevSecOps teams may soon find themselves continuously patching applications to stay one step ahead of cybercriminals who are now forever hard on their heels.



from DevOps.com https://ift.tt/Svjr4Re
