Lucent Sky AVM 3.5 is the second major update of the year, which brings updates to the mitigation algorithms (including a general availability update and a preview update) and improvements on analysis on mobile apps. Also included are minor UI updates.
Updates in Lucent Sky AVM 3.5 include:
- Mitigation algorithms general availability update - The general availability (GA) update focuses on makes remediation more accurate. As a result, some vulnerabilities that previously had no remediation available or a low mitigation confidence score should have confidence remediation available (a re-scan is required). As a GA update, it will be enabled to all scans done in Lucent Sky AVM 3.5.
- Mitigation algorithms preview update - The preview update enables remediation on additional vulnerabilities and should improve remediation rate of vulnerabilities such as cross-site scripting and privacy violation in .NET web applications. As a preview update, it is only available on Lucent Sky AVM instances with preview features enabled and will only be enabled with the scan argument mitigation,preview. To enable preview features on your Lucent Sky AVM instances, join the Lucent Sky AVM Preview Program.
- Mobile app analysis engine improvements - Lucent Sky AVM is now capable of identifying buffer overflow (CWE-120) and use of dangerous function (CWE-242) in mobile apps developed with iOS (Objective-C), as well as identifying additional variation of use of broken or isky cryptographic algorithm (CWE-327) in all supported technology stacks.
- Minor UI updates - Minor UI updates were included in this release to improve Web UI usability, such as providing more license details.
If you are using Lucent Sky AVM Enterprise, Standard or Test Edition (either on-premise and cloud), you can update to Lucent Sky AVM 3.5 immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to Lucent Sky AVM 3.5 in the next few days.