New service offers alert on security vulnerabilities discovered in the specific open source libraries companies use in their own products.
WhiteSource, the leading provider of agile open source management solutions, announces a new offering to its customers: proactive alerts on security vulnerabilities. WhiteSource already notifies customers when new versions are available that fix these security issues and other bugs, or that simply add functions and improve performance.
In today’s business climate, developers are increasingly leaning on third-party open source components. This new development model enables companies to develop faster, reduce costs and improve efficiency. However, it also calls for organizations to ensure proper management of their use of open source components.
According to the Veracode State of Software Security report, 70% of applications fail to comply with basic enterprise security policies, such as OWASP Top 10 and CWE/SANS Top 25. There is some debate on whether open source components are more or less secure than proprietary code. On one hand, hackers can openly scan open source code for vulnerabilities. On the other hand, open source code is subject to greater scrutiny by more people. What is certain is that some vulnerabilities stem from open source components included in applications.
Indeed, when vulnerabilities are discovered in open source code they are often fixed quickly. However, letting all users of such open source libraries know about the vulnerability, and then about the fix, is no small challenge.
Real-Time Alerts on Security Vulnerabilities
WhiteSource closes the loop for its customers. “We are continuously searching the various repositories for security vulnerabilities, as well as for new versions that fix these vulnerabilities and fix other bugs”, says Rami Sass, CEO of WhiteSource. “Since we know the exact open source content of each project of each of our customers at any given point in time, we can proactively and immediately alert them when relevant vulnerabilities are found, as well as when they are fixed. This provides a tremendous and immediate value to R&D, QA, and Support teams”.
When a developer uses open source, he often chooses the latest version of the library, but from that point on there is usually no one tasked with continuously monitoring the various repositories for newly discovered vulnerabilities or fixes. As a result, software products are often shipped with known vulnerabilities and other bugs hidden within the open source components they rely on. “Recent research we have conducted discovered that 85% of software projects contained at least one outdated open source component. This represents a significant risk for the customer using the software, and ultimately for the software vendor itself”, says Mr. Sass.
WhiteSource provides a simple-to-use SaaS platform for the management of open source components by development teams. WhiteSource weaves into the development management process by:
- Automatically identifying open source components when they are first used by developers.
- Providing a rich set of tools that automates compliance with open source licenses and with organizational policies.
- Automating the lifecycle management of open source components, alerting customers on usage patterns, outdated versions, and now on security vulnerabilities.
With the new functionality, WhiteSource customers are now automatically notified when a security vulnerability is discovered in a specific open source component used in one of their projects, as well as when a new version is available that fixes it.
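As an added example, not WhiteSource's own code, here is the matching step the release describes in miniature: a per-project inventory of components is checked against an advisory feed that records each advisory's affected version range and, once known, the fixed version, so one notice carries both the risk and the upgrade that removes it. All project names, library names, versions and advisory ids below are constructed for illustration.

```python
from typing import NamedTuple, Optional

def parse_version(v: str) -> tuple:
    # Numeric comparison: '1.2.10' must sort above '1.2.9', which a plain
    # string comparison gets wrong.
    return tuple(int(part) for part in v.split("."))

class Advisory(NamedTuple):
    advisory_id: str        # constructed placeholder, not a real CVE id
    library: str
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first non-affected version; None if no fix yet

# Constructed inventory: the exact open source content of each project.
INVENTORY = {
    "billing-api": [("libxml-parser", "2.9.4"), ("fastjson", "1.2.10")],
    "web-portal": [("fastjson", "1.2.24"), ("logger", "3.0.0")],
}

# Constructed advisory feed, standing in for what a scanner pulls from
# public repositories and vulnerability databases.
ADVISORIES = [
    Advisory("ADV-0001", "fastjson", "1.2.0", "1.2.24"),
    Advisory("ADV-0002", "libxml-parser", "2.9.0", None),
]

def is_affected(version: str, adv: Advisory) -> bool:
    # Affected if version >= introduced and (no fix yet or version < fixed).
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)

def alerts(inventory=INVENTORY, advisories=ADVISORIES) -> list:
    # One alert per (project, component, advisory) match. 'fix_available'
    # is the version to upgrade to, or None when the team can only mitigate.
    found = []
    for project, components in inventory.items():
        for lib, ver in components:
            for adv in advisories:
                if adv.library == lib and is_affected(ver, adv):
                    found.append({"project": project, "library": lib,
                                  "version": ver, "advisory": adv.advisory_id,
                                  "fix_available": adv.fixed})
    return found

if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```

Rerunning the matcher whenever the feed or an inventory changes is what turns a one-time audit into the continuous alerting the release describes.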
You are invited to join us in a free webinar on October 8th, 9:30 am EST, where Mr. Rami Sass, CEO at WhiteSource, will present statistics on open source security risks, outline the scope of the problem, and propose best practices for managing open source. You’ll learn how to reduce open source risks and boost developer efficiency.
To pre-register for the event, please visit the webinar registration page.