Welcome To WhiteSource Research Reports Center

Read research reports about application security, DevSecOps, open source license compliance and audit

Our Latest Research Reports

Gartner® Report – What to Do About Log4j?

Cybersecurity experts say that the Log4j vulnerability is perhaps the most severe flaw of its type in decades. If not addressed, it could detrimentally affect millions of pieces of software in some of the world’s largest organizations, and hundreds of millions of devices globally. What can security teams and application developers do to identify and mitigate...

WhiteSource Research Report — Remediating Vulnerabilities in npm Packages

As AppSec practices continue to shift left into development, the task of ensuring that open source libraries are up-to-date and vulnerability-free falls on developers’ shoulders, and it is quite a task. To gain a better understanding of the open source vulnerability management process, our Knowledge Team analyzed vulnerable npm packages, checking each CVE’s publication date and comparing it to the release date of the version that fixed the vulnerability.
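The comparison described above (CVE publication date versus the release date of the first fixed version) can be reproduced against the npm registry’s own metadata, which exposes a `time` map of version to publish date for every package. The following is an added example, not WhiteSource’s code or the report’s methodology; the package, versions, dates, advisory and installed version are constructed sample data, and the advisory shape (`published`, `fixedVersion`) is an assumption rather than any real feed’s format.

```javascript
// Added example (not WhiteSource code): measure the gap between a CVE's
// publication date and the release date of the first fixed npm version,
// using the shape of the registry's "time" map (version -> ISO publish
// date, plus "created"/"modified" entries). All data below is constructed.

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build tags are dropped.
function parseVersion(v) {
  const core = v.split(/[-+]/)[0];
  const parts = core.split(".").map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unsupported version string: ${v}`);
  }
  return parts;
}

// Numeric comparison: negative if a < b, 0 if equal, positive if a > b.
// String comparison would wrongly sort 1.10.0 before 1.9.0.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Earliest published version >= fixedVersion. Searching all versions rather
// than looking up fixedVersion directly handles advisories that name a
// version the registry never published (e.g. a typo or yanked release).
function firstFixedRelease(timeMap, fixedVersion) {
  let best = null;
  for (const [version, date] of Object.entries(timeMap)) {
    if (version === "created" || version === "modified") continue; // metadata, not versions
    if (compareVersions(version, fixedVersion) < 0) continue;
    if (best === null || compareVersions(version, best.version) < 0) {
      best = { version, date };
    }
  }
  return best;
}

// Days from CVE publication to the fix release. Negative means the fix
// shipped before the CVE was public; positive means a public CVE existed
// with no upgrade path for that many days.
function fixLagDays(cvePublished, fixReleased) {
  const ms = Date.parse(fixReleased) - Date.parse(cvePublished);
  return Math.round(ms / 86400000);
}

// Is a pinned version (e.g. from package-lock.json) below the fixed version?
function isVulnerable(installedVersion, fixedVersion) {
  return compareVersions(installedVersion, fixedVersion) < 0;
}

function analyze(timeMap, advisory, installedVersion) {
  const fix = firstFixedRelease(timeMap, advisory.fixedVersion);
  return {
    fixVersion: fix ? fix.version : null,
    lagDays: fix ? fixLagDays(advisory.published, fix.date) : null,
    installedVulnerable: isVulnerable(installedVersion, advisory.fixedVersion),
  };
}

// Constructed sample data for a hypothetical package and advisory.
const sampleTimeMap = {
  created: "2019-01-10T00:00:00.000Z",
  modified: "2021-06-01T00:00:00.000Z",
  "1.0.0": "2019-01-10T00:00:00.000Z",
  "1.1.0": "2019-08-02T00:00:00.000Z",
  "1.2.0": "2020-03-15T00:00:00.000Z",
  "1.2.1": "2020-05-20T00:00:00.000Z",
  "2.0.0": "2021-06-01T00:00:00.000Z",
};
const sampleAdvisory = {
  id: "sample-advisory-1", // placeholder, not a real CVE identifier
  published: "2020-04-30T00:00:00.000Z",
  fixedVersion: "1.2.1",
};

console.log(analyze(sampleTimeMap, sampleAdvisory, "1.2.0"));
// → { fixVersion: '1.2.1', lagDays: 20, installedVulnerable: true }
```

A lag of zero or a negative value indicates a fix that was available at or before disclosure; a large positive value is the case the report is concerned with, a public CVE with no fixed release to upgrade to. Against the real registry, `sampleTimeMap` would be replaced by the `time` object from `https://registry.npmjs.org/<package>`, and the advisory fields by whichever vulnerability feed is in use.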

Now Tech: Software Composition Analysis, Q2 2021

You can use software composition analysis (SCA) to identify and remove vulnerable components, reduce license risk, and apply consistent policies across the software development life cycle (SDLC). To realize these benefits, you first have to select from a diverse set of vendors that vary by size, functionality, geography, and vertical market focus. Security professionals...