• Home
  • Newsroom
  • WhiteSource Releases Priority Score to Accelerate Application Security at Scale

WhiteSource Releases Priority Score to Accelerate Application Security at Scale

Innovative prioritization engine factors in advanced metrics such as business impact and library threat score.

TEL AVIV AND BOSTON – April 13, 2021 WhiteSource, the leader in open source security and management, today announced the release of its Priority Score technology to help organizations determine which security vulnerabilities pose the greatest risk, and which demand their most immediate attention.

The WhiteSource Priority Scoring technology enables users to assign business impact metrics to different products and projects, and create automated policies for remediation around them. Based on users’ automated policies, a priority score between 0 and 100 is then assigned to security issues in their system per library or vulnerability. Security teams can then make informed decisions and implement risk-based policies on the urgency of remediation required. 

As open source adoption increases, the number of known security vulnerabilities continues to grow every year. Software development and application security teams are increasingly relying on vulnerability detection tools throughout the development process. As a result, teams are often overwhelmed by the steady stream of security alerts that must be addressed. In most cases it’s impossible to fix all vulnerabilities without slowing down the pace of development.  

Once vulnerabilities are detected, teams need to find a way to prioritize them. How can development and security teams make sure they are not wasting valuable time fixing low-priority security issues? WhiteSource research shows that prioritizing open source vulnerabilities based on their analyzed security impact on software helps customers reduce the number of effective open source security vulnerabilities alerts by a substantial 85%, saving organizations a monthly average of 10 hours per developer.

Apart from business impact, some of the parameters taken into consideration by the WhiteSource Priority Scoring algorithm include CVSS Score (vulnerability severity), prioritization based on whether the proprietary code is making calls to the vulnerable method (effectiveness), availability of fix, ease of remediation, and malicious package probability.

Business impact is easily preconfigured by the user for each product and project, taking into account factors such as personally identifiable information (PII) or financial data available through the application to those who might try to exploit it. Applications or products containing this type of information present a higher risk factor when they are exploited, hence a higher business impact score.

“When an application provides access to financial data or personally identifiable information, its security is considered a higher priority to handle’ said Shiri Arad Ivtsan, Director of Product Management at WhiteSource. “WhiteSource Priority Scoring lets organizations automate remediation, and accelerate secure software product delivery at scale.”

Meet The Author

Adam Murray

Adam Murray is a content writer at WhiteSource. He began his career in corporate communications and PR, in London and New York, before moving to Tel Aviv. He’s spent the last ten years working with tech companies like Amdocs, Gilat Satellite Systems, Allot Communications, and Sisense. He holds a Ph.D. in English Literature. When he’s not spending time with his wife and son, he’s preoccupied with his beloved football team, Tottenham Hotspur.

Subscribe to Our Blog