In the second half of 2017, our foci on Lucent Sky AVM are better, broader vulnerability remediation and faster, more scalable scan performance, by taking advantage of the new analysis and remediation engines introduced in the last release. Lucent Sky AVM 4.6 provides enhancements in these two areas through a new branch of the remediation engine that generates context-aware vulnerability remediation for insecure design issues, and a new intelligent scan algorithm that improves intelligent scan coverage to more applications.

Updates in Lucent Sky AVM 4.6 include:

• Context-aware remediation suggestion - Lucent Sky AVM has long focused on providing direct and functional vulnerability remediation, Instant Fixes, that developers can just drop-in to replace vulnerable code. However, there are some vulnerabilities that are resulted from insecure design, such as use of insecure cryptographic algorithms and storing sensitive data in plaintext. Although still unable to directly replace the vulnerable code that causes these issues, starting in Lucent Sky AVM 4.6, context-aware remediation suggestion will be generated for these vulnerabilities, so developers will have a better understanding on what causes the vulnerabilities and how to remediate them. Context-aware suggestions are currently only available to a limited set of vulnerability types, but will be extended to cover more vulnerability types in the next few releases. This feature is currently in preview and requires enabling preview mode to function. To enable preview features on your Lucent Sky AVM instances, join the Lucent Sky AVM Preview Program.
• Improved intelligent scan - The algorithms for intelligent scan have been updated, allowing the scope of both new and subsequent scans be determined more accurately. Additionally, the new algorithms are capable of supporting more application structures of Java (both JDK and Android) applications.
• Improved confidence score calculation - The algorithms for confidence score have been modified to more accurately calculate the confidence score of Instant Fixes. The modification only impacts new scans - results in existing scans will retain their current confidence score.
• CLI updates - The CLI has been updated to provide user management capabilities. To learn how to use CLI to manage users, visit Getting Started with Lucent Sky AVM – Using CLI.

Updating to 4.6

If you are using Lucent Sky AVM Enterprise, Standard or Test Edition (either on-premise or cloud) and have an active subscription or maintenance agreement, you can update to Lucent Sky AVM 4.6 immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to Lucent Sky AVM 4.6 in the next few days.