DevOps outfit SourceClear has released a free tool for finding vulnerabilities in open-source code.
SourceClear Open is touted as a means for developers to identify known and emerging security threats beyond those in public and government databases.
“Developers are being held more accountable for security and demanding tools that help them with that responsibility,” according to SourceClear. “But traditional security products are insufficient, and the recent closure of the Open Source Vulnerability Database (OSVDB) and the well-documented struggles of the CVE and its naming process have underscored the limitations of public and government-backed software vulnerability databases.”
SourceClear Open is based on SourceClear’s commercial products and is delivered as a cloud-based service. The technology is said to track thousands of threat sources and to analyse millions of open-source library releases.
SourceClear’s chief exec (and OWASP founder) Mark Curphey explains the technology and the thinking behind it in a blog post entitled Free Security for Open-Source Code - SourceClear Open is Now Live. ®