WhiteSource, the leader in continuous open source security and compliance management, today announced that it has been evaluated in The Forrester Wave™: Software Composition Analysis (SCA) Q1 2017. The report evaluated the top software composition analysis solutions and rated their current offering, strategy and market presence.
Forrester research report named "the six (SCA) providers that matter most and how they stack up," and assessed the offering of all vendors and ranked WhiteSource with the highest score in the current offering category. The report specifically note that "WhiteSource offers strong support for proactive vulnerability management, policy management, and SDLC integration, with sound vulnerability identification capabilities as well."
In addition, the Forrester report states that "developers use open source components as their foundation, creating application using only 10% to 20% new code". It goes on to explain that in order "to reduce [open source] risks, security pros are turning to SCA tools" and that "open source risks demand an automated solution".
The Forrester report states that security pros expect, at a minimum, the following benefits from SCA tools: 1) Find & fix open source security vulnerabilities quickly. 2) Automate open source license detection with resolution capabilities. 3) Flexible policies enforcement options that increase alignment with business need. 4) Integration throughout the software development lifecycle (SDLC) to block usage of vulnerable or risky components as early as possible in the process.
"We are delighted that WhiteSource received the highest score in the current offering category by Forrester research." said Rami Sass, co-founder and CEO of WhiteSource. "It is our view that to achieve this ranking from one of the industry's leading analyst firms affirms our customers' confidence that they have selected the right partner to secure and manage their open source usage. We believe this recognition is strong evidence that WhiteSource delivers the most comprehensive platform enabling enterprises to increase open source adoption without compromising on its security and compliance risks, while improving development teams' efficiencies and meets the needs of application security in continuous deployment environments."