Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless security coverage for open source code.

Given the prevalence of open source code in modern software — Oligo contends that it accounts for something like 80% or 90% — there is a need for software composition analysis solutions that can check the code for potential vulnerabilities. The current generation of solutions, however, is “noisy,” according to Oligo. It tends to produce a lot of false positives, and doesn’t contextualize alerts within a given runtime. The latter tendency is unhelpful for setting remediation priorities.

Most security monitoring tools of this kind are based on runtime application security protection (RASP), which requires an agent that lives in the application, according to Jim Mercer, IDC research vice president for devops and devsecops.

eBPF, on the other hand, allows programs to run inside the operating system, acting as an in-kernel virtual machine that enables data collection from applications and network resources, offering a granular level of observability and allowing for the creation of a dynamic SBOM (software bill of materials).

“So a key benefit of the Oligo solution is that it is agentless and leverages eBPF,” Mercer said. “A traditional knock on the RASP technology is that the agent does introduce some overhead into your application.”

Oligo contextualizes security alerts

Moreover, since the agentless, eBPF-based Oligo offering works on the operating system level, it can put alerts into context — prioritizing fixes for vulnerabilities that are active deviations from a given code library’s permission policy, the company said.
This saves on development time by keeping the focus on actual attack surfaces, not just known potential vulnerabilities.

The Oligo approach, however, isn’t without potential pitfalls, according to Mercer. For one thing, it is designed only to catch known vulnerabilities, whereas some types of RASP-based system can identify new insecurities in both natively written and open source code. Moreover, the more selective alerting system has the potential, if it is configured inexpertly, to miss potentially serious issues.

“I suspect the key here is sound policy management, and it might behoove Oligo to provide content that can help organizations write secure but not noisy policies,” Mercer said.

Nevertheless, Mercer noted, the Oligo approach is likely to appeal to a wide variety of potential customers, given the aforementioned ubiquity of open source code, and could even be used to search out vulnerabilities in commercial software.

“Overall, [Oligo’s more selective approach] is likely a good thing, since there are open source libraries you may use that have vulnerabilities, but you are not using them in a vulnerable manner,” he said.

The company’s technology is already in use by businesses in the computing, analytics software and real estate markets, though current pricing and availability data was not immediately available.

Other cybersecurity companies have also been tapping eBPF. For example, in August last year, Traceable AI added eBPF to its security platform for deeper API observability and visibility.