WhiteSource, the leader in open source security and license compliance management, announced today the extension of WhiteSource Prioritize, helping developers and security teams address open source vulnerabilities more effectively and efficiently.
First introduced for Java, WhiteSource Prioritize will now support Python, JavaScript, and C#, greatly increasing the number of developers that can more easily manage open source vulnerabilities. With the sharp rise of reported open source vulnerabilities in recent years, software development and security teams are faced with new challenges as teams can no longer address all security vulnerabilities and remain on schedule. Prioritization is quickly becoming a necessity in order to focus limited development resources on the most critical issues.
Indeed, by scanning open source components with known vulnerabilities and assessing their security impact, WhiteSource Prioritize can detect whether a developer’s proprietary code is making calls to the vulnerable portion of the open source component – or whether the developer’s code ever actually accesses the vulnerability. This then determines whether the detected vulnerability in the open source component actually represents a risk – and whether the vulnerability in question needs to be addressed right away. WhiteSource’s research shows that as low as 15% of Java open source vulnerabilities actually present a risk and need to be urgently remediated.
With only a small fraction of all vulnerabilities truly presenting a risk, “WhiteSource Prioritize is a real game changer for security and engineering teams,” said David Habusha, WhiteSource’s VP of Products, “customers who have already upgraded to WhiteSource Prioritize report that their developers no longer need to spend as much time dealing with all of the security alerts in their systems; instead, they now move confidently and swiftly through a validated remediation process and save precious development hours.”
WhiteSource Prioritize for Java, JavaScript, and Python is available today, with C# support coming soon.