White Source has reached the public stage for its open source ALM product. Delivered via a SaaS model, developers can use this free-of-charge, cloud-based solution to track, audit, and report on open source software components while mitigating the legal and technical risks associated with any code used throughout their software development lifecycle.
- Mid-Market Mayem: Cybercriminals Wreak Havoc Beyond Big Enterprises
- Coding to standards and quality: supply-chain application development
- Catch the Security Breach Before It’s Out of Reach
- Mobile Content Management: What You Really Need to Know
In something of a sweeping generalization, White Source asserts that "most companies" are addressing the ALM OSS challenge using spreadsheets and other static documents. This, it says, leads to missing and out-of-date information, lack of collaboration, and no clear way to evaluate risk.
While all functionality is provided from a cloud-based SaaS service, White Source confirms that it never uploads any source code to the cloud.
"Companies are often required to do a lot of OSS tracking, validation, and compliance work near major events such as M&A and software releases," said White Source CEO Rami Sass. "Today, only the largest companies have the resources and the expertise to manage the open-source lifecycle effectively. This leaves the majority of development organizations exposed to potentially serious risks such as license violations and loss of intellectual property, while also exposing them to security vulnerabilities."
White Source fully supports Java and plans to support additional languages in the future. The company intends to add premium services for a monthly subscription fee.