White Source has reached the public stage for its open source ALM product. Delivered via a SaaS model, developers can use this free-of-charge, cloud-based solution to track, audit, and report on open source software components while mitigating the legal and technical risks associated with any code used throughout their software development lifecycle.
- Insider Threats and the Need for Fast and Directed Response
- Blue Coat Research Report: The Visibility Void
- Intrusion Prevention Systems: What to Look for in a Solution
- Advanced Threat Protection For Dummies ebook and Using Big Data Security Analytics to Identify Advanced Threats Webcast
In something of a sweeping generalization, White Source asserts that "most companies" are addressing the ALM OSS challenge using spreadsheets and other static documents. This, it says, leads to missing and out-of-date information, lack of collaboration, and no clear way to evaluate risk.
While all functionality is provided from a cloud-based SaaS service, White Source confirms that it never uploads any source code to the cloud.
"Companies are often required to do a lot of OSS tracking, validation, and compliance work near major events such as M&A and software releases," said White Source CEO Rami Sass. "Today, only the largest companies have the resources and the expertise to manage the open-source lifecycle effectively. This leaves the majority of development organizations exposed to potentially serious risks such as license violations and loss of intellectual property, while also exposing them to security vulnerabilities."
White Source fully supports Java and plans to support additional languages in the future. The company intends to add premium services for a monthly subscription fee.