WhiteSource, the leader in open source security and license compliance management, announced today the extension of WhiteSource Prioritize, helping developers and security teams address open source vulnerabilities more effectively and efficiently.
Indeed, by scanning open source components with known vulnerabilities and assessing their security impact, WhiteSource Prioritize can detect whether a developer's proprietary code is making calls to the vulnerable portion of the open source component – or whether the developer's code ever actually accesses the vulnerability. This then determines whether the detected vulnerability in the open source component actually represents a risk – and whether the vulnerability in question needs to be addressed right away. WhiteSource's research shows that as few as 15% of Java open source vulnerabilities actually present a risk and need to be urgently remediated.
With only a small fraction of all vulnerabilities truly presenting a risk, “WhiteSource Prioritize is a real game changer for security and engineering teams,” said David Habusha, WhiteSource's VP of Products. “Customers who have already upgraded to WhiteSource Prioritize report that their developers no longer need to spend as much time dealing with all of the security alerts in their systems; instead, they now move confidently and swiftly through a validated remediation process and save precious development hours.”