WorkVision Completes Open Source Audits in Real Time Using WhiteSource

Based in Tokyo, Japan, WorkVision provides IT-related solutions for product planning, consulting, sales, software design and development, operations and maintenance, and support for mid-sized companies with an integrated service system. The company develops a wide range of industry-specific solutions for verticals such as distribution, manufacturing, medical/welfare, and logistics. It also offers business-specific solutions for sales management, finance/accounting, HR, and employment. Formerly part of Toshiba Digital Solutions Group, WorkVision became an independent enterprise in July 2019.

WorkVision®︎ Sales Management and WorkVision®︎ Goal Management Cloud software solutions are deployed via a SaaS subscription model. Because of their cloud-based delivery style, WorkVision uses open source software to improve quality and speed in development and to reduce costs. As a result, the number and types of open source components that must be tracked and managed have increased exponentially. With this surge in open source use, WorkVision needed a way to collect accurate data on their open source components, licenses, and vulnerabilities in real time.

Prior to implementing WhiteSource, WorkVision tracked their open source components manually, which was a huge burden. WorkVision found it difficult to carry out regular audits of their open source use and often completed these audits in the final stages of development. WorkVision discovered that when open source vulnerabilities or license compliance issues are discovered in the final stage of development, it can lead to major rework. In fact, the company has had situations in which the use of open source components could affect the software’s development timeline, cost, and quality. In addition, the accuracy of manual open source audits could not be guaranteed.

WorkVision decided to investigate a software composition analysis (SCA) solution to manage their open source use. An automated SCA tool would make managing WorkVision’s open source components easier by shortening the time it took to complete an open source audit while also ensuring its accuracy.

When evaluating potential solutions, WorkVision required a tool that could handle both open source licenses and vulnerability remediation. The solution needed to automatically generate a full and accurate inventory of the open source components in their code base. It also needed to provide license compliance information including any attribution requirements. Finally, the solution needed to identify any open source vulnerabilities in their code and offer both remediation and component upgrade advice.

WorkVision chose WhiteSource to manage their open source usage. Since its implementation, WhiteSource has helped WorkVision streamline their open source audits by identifying any open source licenses that violate company policy and any open source security vulnerabilities. WhiteSource is used to mitigate WorkVision’s exposure caused by open source license and vulnerability issues.

WorkVision selected WhiteSource for many reasons. WorkVision was impressed with the accuracy of WhiteSource’s open source inventory report, which identifies all the open source components in their code base along with license information. They were also impressed that WhiteSource guarantees zero false positives by matching specific components with their vulnerabilities using the comprehensive WhiteSource Vulnerability Database. WorkVision liked that when a security vulnerability is detected, WhiteSource not only identifies the problem, but also provides a suggestion for how to remediate it.

WorkVision also appreciated that they did not need to upload their source code to the Internet because WhiteSource scans hashed data. Furthermore, since WhiteSource is a SaaS tool, it does not impose an operational load, which reduces WorkVision’s installation, management, and usage costs.

“In the end, I checked WhiteSource’s usability and performance with the trial version,” says Kazutaka Ohshiba, Associate Director, Package Development Center, Technology Management Department. “It was impressive that the scan could be started without any preparation and the results were obtained immediately. Because of this ease of use, I felt that WhiteSource was a tool that could solve our problems and immediately decided to introduce it to my team.”

Since installing WhiteSource, WorkVision regularly scans its software. In addition, the company uses WhiteSource to perform an intellectual property review before each new service is certified and shipped according to internal corporate policy. WhiteSource has helped WorkVision improve development efficiency by shortening the review process and reducing costs.

Prior to installing WhiteSource, each open source component and license had to be manually examined. The number of open source components in WorkVision’s code base is very large, and some of the license requirements are very complex. Reviewing each one was a time-consuming and difficult process. In terms of man-hours, it took about 12 hours to list the open source components and about 16 hours to check each open source license. Now the same process takes a fraction of the time.

“Before WhiteSource, completing an open source audit took about a week to complete. That process now takes only 15 minutes,” says Shota Midorikawa, Section Chief, Package Development Center, Technology Management Department at WorkVision.

Previously, when a security vulnerability was detected, it took about 8 hours or more to manually verify the risk and update the component to the latest version. It was not uncommon to fill up the schedule for a week with just these remediation tasks. Using WhiteSource, a task that took 8 hours can now be completed in about 5 minutes.

WhiteSource allows WorkVision to generate a list of the hundreds of open source components in use in their code base with a simple click. It also provides remediation advice for detected vulnerabilities as well as suggested patches for outdated open source libraries. WhiteSource automatically identifies security risks and visualizes alerts based on quality, policy, version, and risk level. Finally, because WhiteSource is a cloud-based service, there are no maintenance or operational costs associated with using it.

“When you actually use WhiteSource, you immediately realize how much you can reduce the burden of managing your open source components. If you’re facing a similar challenge, give WhiteSource a try right away,” says Mr. Ohshiba.

Because WhiteSource is so simple to use, WorkVision has not needed much support from the company’s Japanese partner Ricksoft. However, whenever they have reached out, Ricksoft has been extremely responsive. As WorkVision strengthens its DevOps and DevSecOps practices internally, they plan to leverage Ricksoft’s knowledge of products and services to further streamline their software development work by integrating WhiteSource and other software.

“This is a great success story. WorkVision is a traditional company that has been developing sales management software for over 40 years and is an application vendor that values high-quality software,” says Kazuhiko Ohtsuka, General Manager at Ricksoft. “We are very pleased that WhiteSource was adopted by such a company and that Ricksoft was involved by providing service and support. We will continue to provide customers in Japan with Agile, DevOps, and DevSecOps solutions based on WhiteSource products.”
