Effective Usage Analysis

Additional Info

CompanyWhiteSource
Websitehttps://www.whitesourcesoftware.com/
Company size (employees)50 to 99

Overview

WhiteSource, the leader in open source security and license compliance management recently launched its next generation Software Composition Analysis solutions – Effective Usage Analysis. The newly developed technology provides details beyond simply which components are present in the application, delving deeper with actionable insights on how components are being used, highlighting their impact on the security of the application.

This new technology reduces open source vulnerability alerts by 70%, showing which vulnerabilities are effective (i.e. getting calls from the proprietary code) and impact the security of the application, and which ones are ineffective. WhiteSource’s internal research on Java applications has found that only 30% of reported alerts on open source components with known vulnerabilities originate from effective vulnerabilities and require high prioritization for remediation.

WhiteSource’s innovative Effective Usage Analysis technology adds a never before seen level of resolution for understanding which functionalities are indeed effective. This reduces open source vulnerability alerts, and provides actionable insights with full trace analysis, pinpointing the vulnerabilities’ exact location in the code to lead to faster, more efficient remediation.

Currently in its beta testing, Effective Usage Analysis will support Java and JavaScript upon its release, and will be later expanded to additional languages.

How we are different

While historically tools for open source security have focused on detection of open source components with known vulnerabilities, WhiteSource’s Effective Usage Analysis solution is able to differentiate between vulnerable functionalities that are effective (i.e. getting calls from the proprietary code) and those that are not, helping developers to prioritize remediations based on the vulnerability's impact on their product.


By differentiating between the effective and ineffective vulnerable functionalities, WhiteSource’s solution reduces the scope of relevant alerts by a staggering 70%.


This tool is the first ever to equip developer teams with the ability to pinpoint the exact path to the vulnerable functionality in the code with full trace analysis to make remediations faster.