New York, NY, USA
May 13, 2021   |  By Julie Peterson
Ponemon Institute’s Reducing Enterprise Application Security Risks: More Work Needs to Be Done looks at the reasons why many enterprises consider the application layer to be the highest security risk. Ponemon Institute, in partnership with WhiteSource, surveyed 634 IT and IT security practitioners about their enterprises’ approach to securing applications.
May 3, 2021   |  By Maciej Mensfeld
Another day, another supply chain attack. No sooner did we recover from the SolarWinds breach, than we found ourselves reeling from a new ClickStudio attack. That’s why we’ve decided to launch this new series, fondly named The Source, to provide you with the latest news and updates on supply chain security. On this installment of ‘The Source’, get to know the red hot supply chain attack methods du jour.
Apr 29, 2021   |  By Patricia Johnson
The ever-evolving threat landscape in our software development ecosystem demands that we put some thought into the security controls that we use throughout development and delivery in order to keep the bad guys away. This is where the secure software development life cycle (SSDLC) comes into play. Organizations need to make sure that beyond providing their customers with innovative products ahead of the competition, their security is on point every step of the way throughout the SDLC.
Apr 22, 2021   |  By Julie Peterson
DevSecOps has fundamentally changed the way in which organizations approach security in modern software development. The role of developer security champion was created to meet the need for security to be tightly integrated into DevOps and DevSecOps practices. Read on to learn more about what developer security champions are and how they help promote secure coding best practices as organizations work toward continuous integration and delivery.
Apr 20, 2021   |  By Rhys Arkins
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of WhiteSource. At WhiteSource we believe that open source risk management is a pillar of software supply chain security, and Diffend helps us extend our capabilities in this area. While 99.999% of open source releases may be safe, our customers trust us to help identify the ones that could do harm and should be avoided.
Apr 14, 2021   |  By Ayala Goldstein
It’s that time of year again: WhiteSource’s annual State of Open Source Security Vulnerabilities for 2021 is here. Once again, when 2020 came to a close, our research team took a deep dive into the WhiteSource database to learn what’s new and what stayed the same in the ever-evolving world of open source security.
Apr 8, 2021   |  By Ayala Goldstein
Forrester’s Annual State of Application Security Report has become a touchstone for organizations on their journey to achieve AppSec maturity. As the software development industry and threat landscape continue to evolve, Forrester’s State of Application Security Report for 2021’s main message is that while applications are still a major attack vector, analysts found signs of hope in their research.
Apr 1, 2021   |  By Julie Peterson
We here at WhiteSource often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to this question is a resounding and absolute yes! At WhiteSource, we believe in practicing what we preach.
Mar 25, 2021   |  By Ayala Goldstein
The financial industry’s digital transformation is highly reliant on applications, just like the rest of the software development ecosystem. This requires everyone involved to invest in application security management as part of the effort to protect their data and systems.
Mar 18, 2021   |  By Julie Peterson
From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos, the internet of things is all around you. The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet.
Apr 28, 2021   |  By WhiteSource
Vonage automates open source security using developer-focused tools within their native development environment.
Apr 27, 2021   |  By WhiteSource
Vonage automates open source security using developer-focused tools within their native development environment.
Nov 24, 2020   |  By WhiteSource
WhiteSource Merge Confidence helps developers update and remediate their dependencies fearlessly. Save time and resources with Merge Confidence integrated into your workflows to setup automated pull requests triggered per confidence level.
Oct 20, 2020   |  By WhiteSource
Open Raven CEO and founder of OWASP, Mark Curphey, explains why he wanted to ensure Open Raven's developers could detect license and vulnerability issues earlier in the development life cycle and why WhiteSource was the obvious choice.
Sep 3, 2020   |  By WhiteSource
Keep your open source components secure and compliant with native browser, IDE and repositories integration using WhiteSource for Developers.
Jun 2, 2020   |  By WhiteSource
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red team exercises, developer education programs and bug bounties, this talk will show you how to ‘push left', like a boss.
May 29, 2020   |  By WhiteSource
WhiteSource provides a powerful yet simple solution for companies that need to secure and manage their open source components in their applications. As the only enterprise-grade solution that is focused exclusively on open source management, WhiteSource is trusted by the 25 of Fortune 100 companies.
May 10, 2020   |  By WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. the DevOps pipeline
Apr 26, 2020   |  By WhiteSource
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of.
Apr 19, 2020   |  By WhiteSource
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security and compliance aspect of your container images. With tools such as WhiteSource, developers are able to manage the security of their containers and container images with no impact on agility and speed.
Jul 1, 2020   |  By WhiteSource
We surveyed over 650 developers, and collected data from the NVD, security advisories, peer-reviewed vulnerability databases, issue trackers and more, to gather the latest industry insights in open source vulnerability management.
Jul 1, 2020   |  By WhiteSource
Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another. We decided to address this debate and put it to the test by researching WhiteSource's comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why.
Jun 1, 2020   |  By WhiteSource
Developers across the industry are stepping up to take more responsibility for their code's vulnerability management. In this report we discuss trends in how security is shifting left to the earliest stages of development, putting the power developers in the front seat. We explore the growth of automated tools aimed at helping developers do more with fewer resources and look for answers on what is needed to help close the gap from detection to remediation.
Jun 1, 2020   |  By WhiteSource
Software development teams are constantly bombarded with an increasingly high number of security alerts. Unfortunately, there is currently no agreed-upon strategy or a straightforward process for vulnerabilities' prioritization. This results in a lot of valuable development time wated on assessing vulnerabilities, while the critical security issues remain unattended.

No component overlooked. WhiteSource identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle. The result? Faster, smoother development without compromising on security.

Not all vulnerabilities are created equal. WhiteSource prioritizes vulnerabilities based on whether your code utilizes them or not, so you know exactly what needs your attention the most. This reduces security alerts by up to 85%, allowing you to remediate more critical issues faster.

Complete Platform:

  • WhiteSource Core: We help you keep things in order.WhiteSource is built to streamline your open source governance. With a full layer of alerting, reporting and policy management, you are effortlessly secure and always in control.
  • WhiteSource for Developers: WhiteSource for Developers is uniquely designed to simplify developers’ work, while keeping the code secure. Its suite of tools helps speed up integration, find problematic components, and remediate them quickly and easily.
  • WhiteSource for Containers: WhiteSource integrates into all stages of the container development lifecycle, including container registries and Kubernetes with automated policy enforcement for maximum visibility and control.

The simplest way to secure and manage open source components in your software.