Legit Security enhances ASPM with risk-based vulnerability assessment

Legit Security has upgraded its application security posture management platform with the introduction of new features that assess the actual risk posed by vulnerabilities and analyze security risks associated with application programming interfaces, DevOps reports.

The enhancements seek to help DevSecOps teams prioritize remediation efforts by providing critical context about which vulnerabilities are genuine threats to application security. Legit Security Chief Technology Officer Liav Caspi emphasized that not all high-scoring vulnerabilities are immediate threats, as some may not be accessible from the internet or actively running in memory.

The platform uses machine learning, generative artificial intelligence, and data science techniques to detect security issues in code repositories, source code management tools, logs, artifacts, and documentation. Additionally, the software-as-a-service platform offers preventive guardrails through the Legit command line interface on developer endpoints.

The updated ASPM platform evaluates whether sensitive data, APIs, and other services are exposed by a vulnerability, allowing teams to focus on the most critical security issues. It also generates a continuously updated software bill of materials to support long-term security management.