Toward third-party immune applications

Component reuse has become a trend in software engineering. However, third-party components have the potential to introduce vulnerabilities into software applications and become the weakest link in the security chain. In this paper, we discuss the limitations of traditional security practices and controls against vulnerable components. As a solution, we present a software design and development approach, combined with a collaborative, cloud-based vulnerability and threat management system. This combination aims at enabling applications to gain “artificial immunity” to third-party components by dynamically identifying and controlling related security risks. It also strives to promote the automatic discovery of, and near real-time information dissemination about emerging threats and zero-day vulnerabilities. At the heart of our solution, we use application-level API sandboxing, as well as adaptive signature-based and anomaly-based API intrusion detection and prevention. The need-to-know, cost-effectiveness, and user acceptance through separation of concerns have been our guiding security engineering principles. © 2017, Springer International Publishing AG.