If you are an online retailer dealing with the risk of data breaches in your store plugins — this project developed a virtual patching engine that provides vulnerability-specific protection rules. This allows you to secure your shop against 4566 new unique vulnerabilities reported in 2024 alone.
Automated Security Patching for Open-Source Website Applications
Imagine your house is built using pre-made parts from different stores, but some of those parts have hidden flaws that burglars know how to exploit. This system acts like a smart security guard that finds those flaws before the burglars do. It then instantly puts a digital 'shield' over the weak spot so you don't have to wait for the manufacturer to fix the part.
What needed solving
Websites built with open-source plugins are easy to create but hard to secure because code comes from many different sources. This makes it difficult for companies to find and fix security holes before hackers exploit them.
What was built
A virtual patching engine and a vulnerability intelligence platform. It includes a code repository for WordPress, WooCommerce, Drupal, and Joomla, plus connectors for software analysis.
Who needs this
Who can put this to work
If you are a media outlet dealing with the complexity of checking third-party code across a massive WordPress site — this project developed a software composition and vulnerability analysis tool. It automatically identifies security gaps and deploys mitigation rules to keep the site online.
If you are a corporate IT team dealing with the slow process of manual security updates for Drupal or Joomla — this project developed a semi-automated process using crowdsourced intelligence. This significantly speeds up the mitigation effort by using pre-made templates for protection.
Quick answers
What is the cost or pricing model for this solution?
Based on available project data, specific pricing or cost structures are not mentioned.
Can this be scaled to a large number of websites?
Yes, the system is designed for everything from small blogs to Fortune 500 companies and has already processed 4566 unique vulnerabilities in 2024.
How is the intellectual property or licensing handled?
Based on available project data, specific IP or licensing terms are not provided, though the coordinator is an SME (Patchstack OU).
How does this integrate with existing websites?
The project created connectors that link applications to the Patchstack App to retrieve software information for analysis.
How quickly can a new vulnerability be mitigated?
The new virtual patching engine generates protection rules significantly faster by using simplified syntax and pre-made templates.
Who built it
The project is led by a single entity, Patchstack OU, an Estonian SME. With a 100% industry ratio and no university or research partners, the project is purely commercially driven, focusing on rapid deployment and market application of security tools.
Contact Patchstack OU in Estonia
Talk to the team behind this work.
Contact us to explore licensing or integration of this virtual patching technology.