The client is a leading provider of risk, compliance management and analytical solutions for the financial services industry. They have more than a decade of experience in solving complex risk and compliance issues in major banks and financial services organisations across the world.
Our security team was asked to help implement DevSecOps into the client’s pipeline. After running the vulnerability scan tools, the results were automatically collected by Orchestron and correlated.
To the alarm of developers at the client organization, we discovered over 700 unique vulnerabilities in their application systems. It would be very difficult and time-consuming to individually remediate each and every one of them. If they decided to go ahead, it would cause a total logjam in their DevOps pipeline until they cleared out enough vulnerabilities to resume development.
Instead, the client asked the Orchestron team to create a list of the highest-priority vulnerabilities so they could focus on fixing those first.
700+ discovered vulnerabilities
Over 300 unused libraries
80% of vulnerabilities from libraries