white source launched last Tuesday a new software composition analysis or SCA technology that they have called effective use analysis. With it, they promise to reduce vulnerabilities in software projects by 70%, a rather ambitious promise that will have to wait if it is as effective as they say and learn more about it. In addition, they also promise to analyze factors beyond the application or software analyzed, going beyond the use itself and evaluating the impact on the application's security.
The company thus intends to train companies or software developers of a better tool to harness the power of open source. The result should be more secure applications that we can enjoy in the near future. And it is that the use of open source software has skyrocketed and with it the number of alerts of known vulnerabilities for this software. To do this, they go a step further than current technologies that simply limit themselves to detecting details about the possibly vulnerable parts of the software.
But now you can get details of how these are used analyzed applications or components thereof and if any peculiar use could have an impact on the security of the system. This new technology is compatible with Java and JavaScript, but the WhiteSource company plans to expand the capabilities to add more supported programming languages. The truth is that we cannot ask much of a project that is still in a beta phase ...
And that new arrivals are we in this new project? Well, basically the analysis of effective use uses a new scanning process that includes scanning the client's code, analysis of how the code interacts with the open source components, indicates if the vulnerabilities are effectively referenced by said code and identifies where that happens. . All this thanks to the combination of several advanced comprehensive analysis algorithms that can be handled from a graphical interface.