WhiteSource Joins OASIS's Static Analysis Standards Technical Committee

March 22, 2019 Sivan Nahum

WhiteSource, the leader in continuous open source security and license compliance management, announced today that it has joined the Organization for the Advancement of Structured Information Standards (OASIS) as a member.

The international consortium is one of the leading organizations driving the development and adoption of open standards in the technology sector, counting market leaders and governments among its members.

By joining OASIS, WhiteSource seeks to bring its vast experience and insights in the management of open source software vulnerabilities, helping to guide the organization's approach to setting standards for the industry.

As part of the membership, WhiteSource's Director of R&D Innovation Dr. Aharon Abadi will represent the company on OASIS's Static Analysis Results Interchange Format (SARIF) technical committee.

"By joining SARIF, WhiteSource will be able to take a proactive role in ensuring that the standards are created to prioritize open source security, integrating our understanding of how effective usage analysis affects vulnerability management to help drive the conversation in the industry forward," says Dr. Abadi in his statement.

Dr. Abadi believes that by becoming a participant on the technical committee along with other significant actors in the software security markets including Microsoft, FireEye, and CA Technologies, WhiteSource will be able to influence the direction of standards creation at a significantly larger scale, introducing fresh approaches for prioritization and remediation of vulnerabilities in open source components.

A particular focus for Dr. Abadi will be his research on effective usage analysis of open source vulnerabilities, which has been proven to reduce the scope of alerts by over 70%. Dr. Abadi hopes that by integrating WhiteSource's innovative approach to understanding how open source components are in fact being used by proprietary software, SARIF will be able to reshape the standards for prioritizing remediations throughout the software industry.
