SciTransfer
PROWEB · Project

Automated Security Patching for Open-Source Website Applications

digitalMarket-readyTRL 9

Imagine your house is built using pre-made parts from different stores, but some of those parts have hidden flaws that burglars know how to exploit. This system acts like a smart security guard that finds those flaws before the burglars do. It then instantly puts a digital 'shield' over the weak spot so you don't have to wait for the manufacturer to fix the part.

By the numbers
4566
new unique security vulnerabilities reported and fixed in 2024
The business problem

What needed solving

Websites built with open-source plugins are easy to create but hard to secure because code comes from many different sources. This makes it difficult for companies to find and fix security holes before hackers exploit them.

The solution

What was built

A virtual patching engine and a vulnerability intelligence platform. It includes a code repository for WordPress, WooCommerce, Drupal, and Joomla, plus connectors for software analysis.

Audience

Who needs this

WordPress agency ownersE-commerce store managersCorporate WebmastersCybersecurity Managed Service Providers (MSPs)
Business applications

Who can put this to work

E-commerce
any
Target: Online Retailer using WooCommerce

If you are an online retailer dealing with the risk of data breaches in your store plugins — this project developed a virtual patching engine that provides vulnerability-specific protection rules. This allows you to secure your shop against 4566 new unique vulnerabilities reported in 2024 alone.

Media & Publishing
enterprise
Target: Large Digital News Outlet

If you are a media outlet dealing with the complexity of checking third-party code across a massive WordPress site — this project developed a software composition and vulnerability analysis tool. It automatically identifies security gaps and deploys mitigation rules to keep the site online.

Corporate IT
enterprise
Target: Fortune 500 Company Web Department

If you are a corporate IT team dealing with the slow process of manual security updates for Drupal or Joomla — this project developed a semi-automated process using crowdsourced intelligence. This significantly speeds up the mitigation effort by using pre-made templates for protection.

Frequently asked

Quick answers

What is the cost or pricing model for this solution?

Based on available project data, specific pricing or cost structures are not mentioned.

Can this be scaled to a large number of websites?

Yes, the system is designed for everything from small blogs to Fortune 500 companies and has already processed 4566 unique vulnerabilities in 2024.

How is the intellectual property or licensing handled?

Based on available project data, specific IP or licensing terms are not provided, though the coordinator is an SME (Patchstack OU).

How does this integrate with existing websites?

The project created connectors that link applications to the Patchstack App to retrieve software information for analysis.

How quickly can a new vulnerability be mitigated?

The new virtual patching engine generates protection rules significantly faster by using simplified syntax and pre-made templates.

Consortium

Who built it

The project is led by a single entity, Patchstack OU, an Estonian SME. With a 100% industry ratio and no university or research partners, the project is purely commercially driven, focusing on rapid deployment and market application of security tools.

How to reach the team

Contact Patchstack OU in Estonia

Next steps

Talk to the team behind this work.

Contact us to explore licensing or integration of this virtual patching technology.