WhiteSource Launches Software Composition Analysis Technology for Prioritizing Open Source Security Alerts

WhiteSource, the leader in open source security and license compliance management, announced today the launch of its next-generation Software Composition Analysis solution, Effective Usage Analysis. The newly developed technology goes beyond reporting which components are present in the application: it provides actionable insights into how components are being used and highlights their impact on the security of the application.

This new technology will reduce open source vulnerability alerts by 70%, showing which vulnerabilities are effective (i.e. getting calls from the proprietary code) and impact the security of the application, and which ones are ineffective. WhiteSource’s internal research on Java applications has found that only 30% of reported alerts on open source components with known vulnerabilities originate from effective vulnerabilities and require high prioritization for remediation.

WhiteSource’s innovative Effective Usage Analysis technology adds a never-before-seen level of resolution for understanding which functionalities are indeed effective. This reduces open source vulnerability alerts and provides actionable insights with full trace analysis, pinpointing the vulnerabilities’ exact location in the code, which leads to faster, more efficient remediation.

“Our Effective Usage Analysis technology allows security and engineering teams to cut through the noise to correctly prioritize threats to the security of their products,” explains WhiteSource’s CEO Rami Sass. “Prioritization is key for managing time and limited resources. By showing security and engineering teams which vulnerable functionalities are the most critical and require their immediate attention, we are giving them the confidence to plan their operations and optimize remediation.”

Effective Usage Analysis will support Java and JavaScript upon its release, and will later be expanded to additional languages. It is currently in beta testing and will be fully available in June.