- Dependence on open source software is increasing among companies worldwide, and so are the security risks associated with it.
- Contrast OSS automatically detects and fixes vulnerabilities and defends against targeted attacks and bots.
- The solution lets DevOps teams manage open source software risk from development through production without deploying multiple tools.
According to a recent Red Hat report, 99 percent of IT leaders in surveyed enterprises see adoption of open source software as important for their organization, and a majority of organizations plan to increase their use of open source over the next 12 months.
However, as companies around the world rely more heavily on open source software, concern is growing about the security risks that come with it.
With a new solution from California-based application security company Contrast Security, organizations can now address the security, legal and compliance risks of using open source software themselves.
Leveraging this new solution, called Contrast OSS, customers can now embed automated controls into their software development and delivery pipelines, and monitor all of their applications and open source dependencies continuously.
“Contrast OSS delivers automated open source risk management by embedding security and compliance checks in applications throughout the development process while performing continuous monitoring in production,” the company writes on its website.
Built on the company's patented security instrumentation technology, Contrast OSS is, Contrast claims, the only solution on the market that can continuously identify vulnerable open source components, determine how the application actually uses them, and then prevent exploitation at runtime.
Contrast OSS works alongside Contrast Assess and Contrast Protect as part of the Contrast Security Platform.
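To make concrete what "embedding automated controls into the delivery pipeline" means in practice, here is an added example of the simplest such control: a CI gate that inventories an application's declared dependencies and fails the build when one falls inside a known-vulnerable version range. This is illustrative code written for this article, not Contrast's implementation; the package names, advisory identifiers and lockfile lines are constructed, and the version parser assumes plain dotted numeric versions (no pre-release tags).

```python
"""Added example (not Contrast Security's code): a minimal pipeline gate that
checks declared dependencies against a list of vulnerable version ranges.
All package names, advisory IDs and lockfile contents below are constructed."""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    # Assumption: plain dotted numeric versions such as "1.4.2".
    # Pre-release or build suffixes are not handled in this example.
    return tuple(int(part) for part in v.strip().split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive)
    advisory_id: str  # constructed identifier, not a real CVE


# Constructed advisory data standing in for a real vulnerability feed.
CONSTRUCTED_ADVISORIES = [
    Advisory("examplelib", "1.0.0", "1.4.2", "EXAMPLE-2023-0001"),
    Advisory("otherpkg", "0.1.0", "0.9.0", "EXAMPLE-2023-0002"),
]

# Constructed lockfile in "name==version" form (pinned dependencies).
LOCKFILE = """\
# constructed sample lockfile
examplelib==1.3.0
otherpkg==0.9.0
safepkg==2.0.0
"""


def parse_lockfile(text: str) -> dict:
    """Return {package_name: pinned_version} from name==version lines."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, version = line.partition("==")
        if sep:  # ignore unpinned lines; a real gate would reject them
            deps[name.strip().lower()] = version.strip()
    return deps


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def find_vulnerable(deps: dict, advisories) -> list:
    """Return (package, pinned_version, advisory_id, fixed_version) tuples."""
    findings = []
    for adv in advisories:
        pinned = deps.get(adv.package.lower())
        if pinned is not None and is_affected(pinned, adv):
            findings.append((adv.package, pinned, adv.advisory_id, adv.fixed))
    return findings


def gate(lock_text: str, advisories=CONSTRUCTED_ADVISORIES) -> tuple:
    """Return (passed, findings). A CI step exits non-zero when not passed."""
    findings = find_vulnerable(parse_lockfile(lock_text), advisories)
    return (len(findings) == 0, findings)


if __name__ == "__main__":
    passed, findings = gate(LOCKFILE)
    for pkg, ver, adv_id, fixed in findings:
        print(f"FAIL {pkg}=={ver}: {adv_id}, upgrade to >= {fixed}")
    raise SystemExit(0 if passed else 1)
```

Run as a pipeline step, the script fails the build for examplelib 1.3.0 (inside the affected range) and passes otherpkg 0.9.0, which is exactly the first fixed version. Note what this gate does not do: it sees only declared, pinned dependencies, not transitive ones pulled in at build time, and it cannot tell whether the vulnerable code path is actually reachable from the application, which is the gap the article's point about determining "how they are actually used by the application" refers to.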
Comparison between legacy tools and Contrast OSS
The first-generation scan-based tools many organizations use to assess open source components struggle to provide effective security analysis, and they do not keep pace with high-velocity software development.
Moreover, legacy tools offer no protection against attempts to exploit open source vulnerabilities in production applications. This leaves companies exposed to evolving threats, with poor visibility into the real risk these components introduce.
Unlike legacy application security testing solutions, Contrast Security says its next generation security platform produces accurate results without dependence on application security experts.
Contrast produces a continuous stream of accurate vulnerability and compliance risk information whenever and wherever software is run. Development, QA and security teams get results as they develop and test software, so they can find and fix security flaws early in the software lifecycle, when they are easiest and cheapest to remediate.
In addition, Contrast integrates into the software lifecycle and the toolsets that development and operations teams already use.
A solution built for the modern software era
Surag Patel, Chief Strategy Officer, Contrast Security, says, “The increasing dependence on open source is undeniable, and the ability for enterprises to leverage open source software without risk to the business remains a top priority for VPs of Development, CISOs and CIOs. We are excited to offer the first complete solution that enables real-time inventory, assessment of security risk, assessment of licensing compliance risk and security exploit prevention for open source software.”
With this new platform, organizations get an embedded security solution, so they do not need to deploy multiple tools to secure their software, he adds.