WhiteSource announced the company’s expansion into custom code security following two recent acquisitions and the availability of its static application security testing (SAST) solution.
To accelerate the company’s SAST vision, WhiteSource completed two acquisitions:
- Xanitizer, a German-based company, has developed novel high-precision SAST detection technologies that are best known for their accuracy.
- DefenseCode, a Croatian-based company with customers in Europe and North America, which provides next-generation enterprise-grade SAST capabilities including fast scanning and support for multiple languages.
Martin Eiszner, the CTO of SEC Consult, an Atos company, said: “We have been using DefenseCode’s SAST technologies for the past few years as part of our application security services portfolio to protect our customers from attack. The flexibility, ease of use, fast speed, and broad language support has helped us deliver our services efficiently across many hundreds of development environments.”
Both Xanitizer and DefenseCode have been folded into WhiteSource’s new SAST engineering organization which is focused on creating custom code vulnerability detection, prioritization, and automated remediation to enable developers to identify and fix even the most significant software risks with speed and ease.
“Our goal with DefenseCode has always been to provide the best of breed SAST solution with actionable results and a very low level of noise,” said Leon Juranić, founder of DefenseCode and now a security consultant in R&D at WhiteSource. “We are excited to join WhiteSource and the team from Xanitizer to deliver a next-generation SAST offering built from the ground up for DevOps.”
The SAST market is ripe for disruption because most established SAST products were designed for an earlier era, when the typical software development life cycle stretched for months. Back then, there was enough time between release cycles for security teams and developers to parse through long lists of potential security flaws, sift out the false positives, and fix the real problems.
In today’s fast-paced development environment, where the average release cycle in some organizations is less than a day, these SAST products are a poor fit. Many research studies have shown that large percentages of developers simply don’t use the application security tools that their security team provides; they choose speed over security.
WhiteSource’s SCA remediation-first approach has allowed developers to focus on creating great software instead of fixing security vulnerabilities. For example, WhiteSource SCA natively and frictionlessly integrates with developers’ familiar coding environments (browsers, IDEs, and repositories) and automatically generates fix pull requests (PRs) for vulnerable open source libraries. Accompanying each pull request is a patented set of analytics that help developers ensure the recommended fix won’t break the existing code.
Another patented feature, WhiteSource Prioritize, helps developers distinguish effective vulnerabilities — which are dangerous and must be fixed — from ineffective vulnerabilities — which are not dangerous and need not be fixed. Together, these features save up to 80% of time otherwise spent on fixing open source vulnerabilities. That’s why the most demanding software builders in the world, including 23% of the Fortune 100, rely on WhiteSource SCA.
This same remediation-first approach will be applied to the company’s next-generation SAST capabilities, including:
- Accuracy of code flaw detection with very few false positives.
- Fast scanning with broad language support across 20+ languages.
- Automated remediation of custom code vulnerabilities which actually fixes security vulnerabilities as if the best developer on the team did so herself.
Developers want to spend their time creating software, not fixing vulnerabilities. In a time where retaining top talent has been increasingly challenging, organizations benefit from a remediation-first approach that allows their teams to focus on the work they were hired to do. WhiteSource helps developers focus on what matters most – delivering great software.
In February 2022, WhiteSource acquired DefenseCode.