In this webinar, SANS's Serge Borso and WhiteSource's Rami Elron provide a product review of our solution. You will learn how WhiteSource's solution can be integrated into the software development lifecycle to detect open source vulnerabilities in real time, prioritize and remediate vulnerabilities, and automate policy enforcement throughout the SDLC.
4. Today's Speakers
• Serge Borso, SANS Community Instructor and Analyst, Owner and Principal Consultant at SpyderSec
• Rami Elron, Senior Director of Product Management at WhiteSource
19. Identify and Focus on Effective Vulnerabilities
Only some of the reported security vulnerabilities in open source libraries are referenced by the developers' code.*
* Based on preliminary research by WhiteSource
20. WhiteSource Software Confidential
Identify and Focus on Effective Vulnerabilities
On average, 70%* of reported security vulnerabilities in open source libraries are NOT referenced by the developers' code.
[Pie chart: 70% Non-Effective (not referenced) vs. 30% Effective (referenced)]
* Based on preliminary research by WhiteSource
21. What is Effective Usage Analysis?
Effective Usage Analysis technology enables organizations to determine if and how their software projects are effectively exposed to reported open source vulnerabilities.
The technology facilitates quick assessment and prioritization of vulnerability remediation options.
22. Effective Usage Analysis' Value Proposition
• Significant savings by enabling developers to focus on real, actual risks
• Better cooperation between DevOps and Security teams
• Actionable insights about security vulnerabilities
• Maximized accuracy of risk assessment processes
• Easier remediation
24. 6 Revolutionary Benefits With Effective Usage Analysis
1. Receive in-depth information on security vulnerabilities
Discover direct and indirect references from proprietary code to vulnerable open source code.
25. 6 Revolutionary Benefits With Effective Usage Analysis
2. Verify if a reported vulnerability is a real risk
Identify which reported vulnerabilities are effective vulnerabilities.
26. 6 Revolutionary Benefits With Effective Usage Analysis
3. Identify the location of the call that references the vulnerable code
Understand where vulnerabilities are referenced from proprietary code.
27. 6 Revolutionary Benefits With Effective Usage Analysis
4. Visualize open source usage through a clear depiction of call traces
Examine the full call trace from proprietary code to the open source component.
28. 6 Revolutionary Benefits With Effective Usage Analysis
5. Compare reported vulnerabilities with effective vulnerabilities
Review reports and charts for better decision making.
29. 6 Revolutionary Benefits With Effective Usage Analysis
1. Receive in-depth information on security vulnerabilities
2. Verify if a reported vulnerability is a real risk
3. Identify the location of the call that references the vulnerable code
4. Visualize open source usage through a clear depiction of call traces
5. Compare reported vulnerabilities with effective vulnerabilities
6. Use a dedicated API for programmatic access
Integrate and automate with external tools, environments and frameworks.
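The slides describe the core mechanism in prose only: build a call graph, and treat a reported vulnerability as "effective" only when a vulnerable function in the open source component is reachable from the application's own code, reporting the proprietary call site and the full trace. The example below is an added illustration of that reachability check and is not WhiteSource code or its API. The call graph, the package names (app, libparse, libimg) and the advisory identifiers (ADVISORY-A/B/C) are constructed placeholders, not real libraries or CVEs.

```python
"""Toy effective-usage check: is a vulnerable open source function reachable
from the application's own code, and through which call trace?

Added example; not WhiteSource code. All data below is constructed.
"""
from collections import deque

# Constructed call graph, caller -> callees. Node names are "package:function".
# "app" is the proprietary code; "libparse" and "libimg" are open source deps.
CALL_GRAPH = {
    "app:main": ["app:handle_upload", "app:render_report"],
    "app:handle_upload": ["libparse:parse_document", "app:store"],
    "app:store": [],
    # render_report calls decode directly and also via resize
    "app:render_report": ["libimg:resize", "libimg:decode"],
    "libparse:parse_document": ["libparse:parse_header", "libparse:parse_body"],
    "libparse:parse_header": [],
    "libparse:parse_body": ["libparse:expand_entities"],
    "libparse:expand_entities": [],
    "libimg:resize": ["libimg:decode"],
    "libimg:decode": [],
    "libimg:load_plugin": ["libimg:dlopen_wrapper"],  # shipped, never called
    "libimg:dlopen_wrapper": [],
}

# Constructed advisory data: vulnerable function -> placeholder advisory id.
VULNERABLE_FUNCTIONS = {
    "libparse:expand_entities": "ADVISORY-A",  # reachable only via libparse
    "libimg:load_plugin": "ADVISORY-B",        # in the dependency, never reached
    "libimg:decode": "ADVISORY-C",             # called directly by app code
}


def is_proprietary(node):
    """Only the application's own functions count as the 'developers' code'."""
    return node.startswith("app:")


def find_trace(graph, entry_points, target):
    """Breadth-first search from the application's entry points.

    Returns the shortest call trace (entry ... target) or None if unreachable.
    """
    parent = {ep: None for ep in entry_points}
    queue = deque(entry_points)
    while queue:
        node = queue.popleft()
        if node == target:
            trace = []
            while node is not None:
                trace.append(node)
                node = parent[node]
            return list(reversed(trace))
        for callee in graph.get(node, []):
            if callee not in parent:
                parent[callee] = node
                queue.append(callee)
    return None


def classify_vulnerabilities(graph, vulnerable, entry_points):
    """Split reported vulnerabilities into effective (reachable) and non-effective.

    For each effective one, record the last proprietary frame on the trace
    (the call site a developer would fix or review), whether the reference is
    direct (app code calls the vulnerable function itself) or indirect (via
    other library code), and the full trace.
    """
    result = {"effective": {}, "non_effective": []}
    for func, advisory in vulnerable.items():
        trace = find_trace(graph, entry_points, func)
        if trace is None:
            result["non_effective"].append(advisory)
            continue
        call_site = [n for n in trace if is_proprietary(n)][-1]
        kind = "direct" if is_proprietary(trace[-2]) else "indirect"
        result["effective"][advisory] = {
            "call_site": call_site,
            "kind": kind,
            "trace": trace,
        }
    return result


if __name__ == "__main__":
    report = classify_vulnerabilities(CALL_GRAPH, VULNERABLE_FUNCTIONS, ["app:main"])
    for advisory, info in report["effective"].items():
        print(f"{advisory}: EFFECTIVE ({info['kind']}) at {info['call_site']}")
        print("  trace: " + " -> ".join(info["trace"]))
    for advisory in report["non_effective"]:
        print(f"{advisory}: non-effective (no path from app code)")
```

Two caveats a practitioner should keep in mind when acting on such output. First, a static call graph under-approximates reachability: reflection, dynamic dispatch, deserialization gadgets, callbacks registered with the library, and vulnerabilities that live in static initializers or in data the library loads will not show up as an edge, so "non-effective" should lower a finding's priority rather than close it. Second, the result is only as good as the entry-point list: seeding the search with every proprietary function instead of the real entry points would mark dead application code as a live path.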
33. Q&A
Please use GoToWebinar's Questions tool to submit questions to our panel. Send to "Organizers" and tell us if it's for a specific panelist.
34. Acknowledgments
Thanks to our sponsor:
To our special guest: Rami Elron
And to our attendees, thank you for joining us today!
Editor's Notes
Many modern applications (sources indicate 60-80%) use open source components, and these components, like their closed source counterparts, can have vulnerabilities that, when not managed properly, introduce significant risk to the organization. Identifying and tracking the functional vulnerabilities throughout the SDLC, however, can be challenging.
At its core, WhiteSource is a security solution: a technology that integrates with the SDLC to enable security professionals to help development teams by providing information on the best open source components for a project and by identifying and helping prioritize vulnerabilities in the code.