Project description
Securing software at the source
Modern software is built on layers of third-party code, and up to 90 % comes from open-source libraries. But these dependencies often carry hidden vulnerabilities, leaving applications exposed to cyberattacks. With supply chain threats expected to top Europe’s cybersecurity risks by 2030, action is urgent. In this context, the EU-funded COANA project is developing a breakthrough tool for software composition analysis. Unlike traditional methods, COANA prioritises only vulnerabilities that can actually be exploited, cutting developer workload and costs by up to 80 %. If widely adopted, it could save billions annually across Europe and challenge US dominance in this market. Backed by an EIC Transition grant, COANA is poised to reshape how developers build secure software.
Objective
Software development relies heavily on third-party libraries, with 70 - 90% of code in modern software applications coming from open-source dependencies. However, this dependency on external code can lead to serious security risks due to library vulnerabilities. According to the European Union Agency for Cybersecurity (ENISA), supply chain attacks on software dependencies will be the foremost cybersecurity threat by 2030.
Coana, a spinout of Aarhus University, is developing the next generation of Software Composition Analysis (SCA) to address this issue. Our groundbreaking program analysis tool infers data flow and generates call graphs for large, real-world libraries and applications with unprecedented speed and accuracy. Unlike conventional SCAs, our built-in reachability analysis lets developers focus on reachable vulnerabilities in their dependencies and ignore the unreachable ones. Since most vulnerabilities are unreachable, Coana reduces the burden and cost of managing vulnerabilities by at least 80%, enabling developers to focus on eliminating vulnerabilities that truly matter.
If successfully deployed in the market, Coana could assist 5.9M developers in the EU in building more secure software by 2033. This widespread adoption will help overturn US dominance in the EU’s SCA market while enabling Coana to be a new EU unicorn in the next 10 to 12 years. Developer time savings will help save €318k for a company with 100 developers and €18.7B for the 5.6M developers in the EU using Coana by 2033. Additionally, it will help save €5.6B lost due to vulnerabilities annually. The support of the EIC Transition grant is crucial to bringing this impactful solution to the market. This project aims to expand our curated vulnerabilities database, improve the recall for detecting vulnerabilities to over 90%, and extend language coverage to Java, Python, and Go. We will also validate our business model and develop the business plan to guide the route to commercialization.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- natural sciences computer and information sciences software
- natural sciences computer and information sciences databases
- natural sciences computer and information sciences computer security
You need to log in or register to use this function
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.3.1 - The European Innovation Council (EIC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-EIC - HORIZON EIC Grants
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) HORIZON-EIC-2024-TRANSITION-01
See all projects funded under this callCoordinator
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
8200 Aarhus
Denmark
The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.