Blog

Defect Dojo Unveils New Features

Written by GREG ANDERSON | Apr 12, 2024 12:43:00 PM

Risk prediction, data importing, and reporting enhancements to support enterprise security efficiency and visibility

Austin, TX, April 12, 2024–DefectDojo, the company that powers DevSecOps, today announced several additions to the DefectDojo application security posture management (ASPM) platform. The three new features, Exploit Prediction Scoring System (EPSS) integration, data visualization, and a connector for BurpSuite, enable enterprises to create a better view into their security posture and reduce risk.

DefectDojo is the platform of choice for security professionals who want to create a single source of truth for all vulnerability data, streamline workloads, increase efficiency, and prioritize / manage risk faster. The updates to the platform address the complex and ever expanding needs for better analysis, reporting, and visibility in the modern enterprise.

 

EPSS Integration

EPSS enables risk-based prioritization by providing the probability that a specific vulnerability will be exploited. EPSS collects information about vulnerabilities and real-world exploit data. DefectDojo will make this data available to both our open source OWASP Edition users and DefectDojo commercial users.

In our OWASP Edition, security tools that provide EPSS data will be stored and displayed to make improved decisions based on risk and exploitability. In our Commercial Editions, we’re further enhancing this by pulling updates as they’re available from First to automatically enrich all data in DefectDojo.

BurpSuite Connector

Security vulnerability data ingestion is one of the key requirements that DefectDojo aims to solve. Connectors are a new way vulnerability data can be imported into DefectDojo. Connectors allow DefectDojo to interact directly with third-party security tools’ APIs to import findings automatically to DefectDojo, staying up to date with the latest scan data.

Joining the Semgrep and Snyk Connectors released in March 2024, the BurpSuite Connector lets teams pull all BurpSuite Enterprise data into DefectDojo seamlessly.

 

Custom Data Visualization

Every organization looks at security differently and security professionals must report security posture to a variety of constituents. The new DefectDojo data visualization enhancement enables the flexibility to display security vulnerability data with a depth and breadth appropriate to audiences including the Board of Directors, business owners, and other senior executives.

Pricing and Availability

EPSS and Connector enhancements are available immediately. Data Visualization will be available in May 2024. EPSS integration is included in both the open source OWASP Edition and the Commercial versions of DefectDojo. Connectors and upgraded reporting are exclusive to DefectDojo Pro and Enterprise editions.

About DefectDojo

DefectDojo is the company and the product that powers DevSecOps. Our open platform transforms security information management, connecting security strategy and informed execution for intelligent risk management. Security and DevSecOps teams can aggregate, automate, and integrate data from more than 170 security tools for a unified view of security posture and compliance, streamlined workflows, and improved decision-making. DefectDojo was created by security pros for security pros. To learn more, visit defectdojo.com.

###