Since we know the exact open source content of each project of each of our customers at any given point in time, we can proactively and immediately alert them when relevant vulnerabilities are found, as well as when they are fixed
New York, NY (PRWEB) September 18, 2013
White Source, the leading provider of agile open source management solutions, announces a new service that proactively alerts customers to security vulnerabilities. White Source already notifies customers when new versions are available that fix these security issues and other bugs, or just add functions and improve performance.
In today’s business climate, developers are increasingly leaning on third-party open source components. This new development model enables companies to develop faster, reduce costs and improve efficiency. However, it also calls for organizations to ensure proper management of their use of open source components.
According to the Veracode State of Software Security report, 70% of applications fail to comply with basic enterprise security policies, such as OWASP Top 10 and CWE/SANS Top 25. There is some debate on whether open source components are more or less secure than proprietary code. On one hand, hackers can openly scan open source code for vulnerabilities. On the other hand, open source code is subject to greater scrutiny by more people. What is certain is that some vulnerabilities are due to open source components that are included in applications.
Indeed, when vulnerabilities are discovered in open source code they are often fixed quickly. However, letting all users of such open source libraries know about the vulnerability, and then about the fix, is not a small challenge.
White Source closes the loop for its customers. “We are continuously searching the various repositories for security vulnerabilities, as well as for new versions that fix these vulnerabilities and fix other bugs”, says Rami Sass, CEO of White Source. “Since we know the exact open source content of each project of each of our customers at any given point in time, we can proactively and immediately alert them when relevant vulnerabilities are found, as well as when they are fixed. This provides a tremendous and immediate value to R&D, QA, and Support teams”.
When a developer uses open source, he often chooses the latest version of the library, but from that point on, there is often no one tasked with continuously monitoring the various repositories for newly discovered vulnerabilities or fixes. As a result, software products are often shipped with known vulnerabilities and other bugs hidden within the open source components they rely on. “Recent research we have conducted discovered that 85% of software projects contained at least one outdated open source component. This represents a significant risk for the customer using the software, and ultimately for the software vendor itself”, says Mr. Sass.
White Source provides a simple-to-use SaaS platform for the management of open source components by development teams. White Source weaves into the development management process by:
- Automatically identifying open source components when they are first used by developers.
- Providing a rich set of tools that automates compliance with open source licenses and with organizational policies.
- Automating the lifecycle management of open source components, alerting customers on usage patterns, outdated versions, and now on security vulnerabilities.
With the new functionality, White Source customers are now automatically notified when a security vulnerability is discovered in a specific open source component used in one of their projects, as well as when a new version is available that fixes it.
You are invited to join us in a free webinar on October 8th, 9:30 am EST, where Mr. Rami Sass, CEO at White Source, will present statistics on open source security risks, outline the scope of the problem, and propose best practices for managing open source. You'll learn how to reduce open source risks and boost developer efficiency.
To pre-register for the event, please visit the webinar registration page.
About White Source
White Source is the leading provider of agile open source lifecycle management solutions. Our cloud-based service is comprehensive, yet easy to use, and very affordable; enabling companies of all sizes to fully realize the advantages of open source software, while mitigating the legal, business and technical risks, and without over-burdening developers. White Source features a dynamic repository of information about open source libraries and their licenses, as well as information about license risks, compliance requirements, security vulnerabilities, and new versions. Our service makes it easy to implement best-practice business processes for open source adoption, usage, updates, and ongoing compliance. Founded in 2011, White Source is a privately held company with offices in New York and Tel Aviv. For more information, visit http://www.whitesourcesoftware.com/