The open-source software you are using might contain dormant vulnerabilities that could cause security issues for applications built on that code. SourceClear, a security startup for software developers, announced a free security tool. Dubbed SourceClear Open, this new tool enables developers to find out which open-source libraries they are using, what types of vulnerabilities exist, which vulnerabilities actually need attention, and what to do to fix them. It complements the company’s products, which some of the world’s largest companies, like BAE Systems, The Gap, DataStax, and Zendesk, are deploying.
“I have spent 15 years watching talented, hardworking developers reinvent the world and then roll their eyes when asked to use traditional security tools. Developers always want to do the right thing, but have been faced with tools that generate more noise than signal. It became increasingly hard not to be frustrated by the status quo, so I decided to do something about it,” said Mark Curphey, CEO of SourceClear, in a blog post. “We’ve designed the SourceClear products specifically for teams of developers. With this release, we are ‘giving back’ to the community that helps us all build amazing software.”
SourceClear plays a critical role in the modern development process by connecting easily with existing tool chains (frameworks, languages, and build tools). Powered by data science, a committed research team, and a community research program, SourceClear identifies disclosed and emerging security threats well beyond those found in public and government databases.