4. Problem: Reported Vulnerabilities Are Not Necessarily EFFECTIVE
Reported Vulnerabilities
Can you really handle all of them?
Which ones constitute a real risk?
Which ones should be addressed first?
vs.
Effective Vulnerabilities
Less to deal with. Much less.
5. Problem: Reported Vulnerabilities Are Not Necessarily EFFECTIVE
Reported Vulnerabilities
Can you really handle all of them?
Which ones constitute a real risk?
Which ones should be addressed first?
vs.
Focusing on Effective Vulnerabilities Could Enable:
Better development efficiency
Better development effectiveness
Better security
6. Solution: Identify and Focus on Effective Vulnerabilities
On average, 70%* of reported security vulnerabilities in open source libraries are NOT referenced by the developers’ code
70%: Non-Effective (Not Referenced)
30%: Effective (Referenced)
* Based on preliminary research by WhiteSource
7. What Is Effective Usage Analysis?
• State-of-the-art analysis technology that enables organizations to determine if and how their software projects are effectively exposed to reported open source vulnerabilities
• Powerful and intuitive user experience that facilitates quick assessment and prioritization of vulnerability remediation options
8. The Value Proposition Of Effective Usage Analysis
Significant savings by enabling developers to focus on real, actual risks
Better cooperation between DevOps and Security teams
Actionable insights about security vulnerabilities
Maximized accuracy of risk assessment
Easier remediation processes
10. Effective Usage Analysis Release
Free for all WhiteSource customers until the end of 2018
Currently supports Java and related package managers (such as Maven and Gradle) as well as POJO
Contact your customer success representative to gain access now!
13. Missed Out On Our Last Beta Round?
Well… we’ve got good news.
Join our Effective Usage Analysis JavaScript beta program now!
What’s in it for you? Free access to the technology for an extended period of time!
Sign up here: product@whitesourcesoftware.com
15. Unified Agent Strategy using FSA
WhiteSource Unified Agent Strategy allows customers to use a single agent for all integrations
WhiteSource Unified Agent Strategy facilitates simplified maintenance and updates as well as centralized configurations
Gone are the days of multiple plugins and agents…
But until then…
WhiteSource supports a single, unified agent with all functionalities
New functions and bug fixes are being delivered in the File System Agent (FSA) only
Our recommendation? Use FSA only!
Check out our documentation, which has detailed, updated information regarding our FSA
16. Unified Agent - Support For New Platforms
Supporting* New Package Managers
Go: Gopm, Dep, GoDep, vndr, GoGradle, Glide
Python: Pip and setuptools
Scala: SBT
Ruby: RubyGems
PHP: Composer
iOS: Cocoapods
TypeScript: NPM
*Supports direct & transitive dependencies as well as Web Advisor detection
17. Unified Agent - Support For New Platforms
New Build/CI Tools Integrated With Unified Agent: AWS CodeBuild, Google Cloud Build, Travis CI
Supported Build Tools Now Integrated With Unified Agent: Jenkins, TFS/VSTS
19. Fortify SSC Integration
Monitor your proprietary and open-source vulnerabilities in one dashboard
Extend security issues in Fortify SSC’s dashboard with actionable information on found open source vulnerabilities
Prioritize remediation efforts with advanced filtering and aggregation options
Ensuring continuous, automatic security alerts synchronization, and same day alerts for new vulnerabilities
Support for Fortify SSC 17.20 & 18.10
23. Workflow Enhancements
#1: User Level Access Control
User-level access controls have been added so you can segregate between users and/or products
Control and audit actions executed by users (such as scans, API calls, admin actions)
24. Workflow Enhancements (Cont’d)
#2: Documentation Changes
Users can add comments for designated actions
Inventory and license changes will now automatically indicate source of change (user/system)
25. Workflow Enhancements (Cont’d)
#3: Reports
New “Change Log History” report includes a log of all the inventory changes made (user/system)
The report can also be obtained via API
26. Workflow Enhancements (Cont’d)
#4: Allow failing builds on conditional policies
‘Reassign’ and ‘Conditions’ policies can now fail builds in case of a policy match
27. Workflow Enhancements (Cont’d)
#5: Open tasks on initial project scan
Open pending tasks for new libraries in a new project, in addition to existing projects
31. Customer Community Portal
What’s In It For You?
Centralized, personalized view of all your issued support cases
Subscribe to receive email updates on:
Product announcements and updates
Early product release notes