WhiteSource Cure: Automated Remediation for Developers

Automated Remediation for Developers

Keeping up with today’s rapidly evolving threat landscape is an ongoing battle for software development organizations, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery. 

The Problem: Vulnerability Detection Is Not Enough

In order to address AppSec risks, many organizations are working hard to shift security left, investing in automated application security testing (AST) tools to detect security vulnerabilities early in development. While automated detection is an important step towards addressing AppSec risks, security and development teams are now faced with a seemingly never-ending stream of security alerts, with little to no time or security know-how to remediate them. 

The result: alert fatigue for developers, who are now expected to somehow acquire security expertise on the spot, and valuable engineering time spent working out how to remediate each finding, which increases friction between security and development teams. Remediation is often delayed until late in the development process, and remains mainly manual, slow, and expensive. We learned from our customers that it takes a developer half a day on average to fix a single vulnerability, which adds up to long and costly delays in product releases.

Ultimately, security debt grows and critical vulnerabilities remain, leaving organizations open to attack.


The Solution: Automated Remediation — Early and Often

In order to lighten the load for developers and relieve them of the added tasks involved in remediating vulnerabilities, WhiteSource has developed WhiteSource Cure, an automated remediation tool for custom code. WhiteSource Cure acts as a developer’s personal security expert, helping speed up the release of secure software. 

The community edition of WhiteSource Cure is a free-forever developer tool designed for the open source community. It provides developers with remediation suggestions for security vulnerabilities in custom code, and the IDE plugin enables them to apply a security fix to their code with a click of a button, directly in their IDE. 

WhiteSource Cure remediation suggestions are specific to the code in question rather than generic guidance. In addition to saving developers time and promoting secure coding, WhiteSource Cure also helps prevent future vulnerabilities by showing developers remediation methods they can apply themselves next time.

WhiteSource Cure: Security at the Speed of DevOps

In order to truly share ownership over security, developers need tools that they can trust, and that won’t slow them down. WhiteSource Cure’s automated remediation bridges the knowledge gap for developers by enabling them to easily incorporate security into their native development environment. This enables organizations to keep their DevOps pipeline both agile and secure, helping them accelerate secure software development and delivery. 

WhiteSource Cure community edition is currently limited to public projects only. Visit these links to view sample auto-remediation suggestions for popular projects: oscar, WebGoat, loklak_server, AltoroJ

Meet The Author

Cobi Tal

Cobi has over 20 years of experience in strategic positions at leading high-tech companies and in the AppSec industry, working with some of the world's largest software organizations to implement application security processes. In his previous role he managed EMEA and LATAM technical services, and he is now part of the strategy and incubation group at WhiteSource.
