Contrast Security, the pioneer in enabling “self-protecting” software by embedding vulnerability analysis and exploit prevention directly into modern software, continues to re-invent application security with the launch of Contrast OSS. Contrast OSS is offered as a solution to help organizations building modern software solve the security, legal and compliance risks associated with their use of open source software (OSS).
According to a recent RedHat report, 99% of IT leaders in surveyed enterprises see adoption of open source software as important for their organization, and a majority of organizations plan to increase their use of open source over the next 12 months. As companies around the world rely more on leveraging open source software, there is also a growing understanding of the risks that come with it. First generation tools used by these organizations to assess open source components struggle to provide effective security analysis and are not keeping up with high-velocity software development. These scan-based tools do not produce the accurate and actionable insight teams need to pinpoint true risks and quickly eliminate those risks early in the development phase. Moreover, legacy tools do not provide protection against attempts to exploit open source vulnerabilities in production applications. This leaves companies exposed to evolving threats, with poor visibility into the real risks introduced by these components.
Created with patented security instrumentation technology, Contrast OSS is the only solution on the market that can continuously identify vulnerable open source components, determine how they are actually used by the application, and then prevent exploitation at runtime. Contrast OSS capabilities function as a solution that can work alongside Contrast Assess and Contrast Protect as part of the Contrast Security Platform. Contrast OSS provides the ability to:
- Automatically create and maintain an organization-wide inventory of open source components mapped to applications, servers and environments.
- Provide real-time correlation of vulnerabilities, OSS license information, and additional library metadata.
- Continuously assess open source components for known and unknown vulnerabilities across all software development and delivery pipelines.
- Continuously evaluate open source components for license compliance and intellectual property risk across all software development and delivery pipelines.
- Automatically enforce custom policies and provide real-time feedback to security, compliance and development teams.
- Prioritize and focus developer remediation efforts on critical vulnerabilities by accurately identifying whether vulnerable open source components are actually used by the application.
- Continuously monitor production applications and block attacks on vulnerable open source to prevent runtime exploitation.
- Maintain centralized visibility and point-of-control for all customer and open source software risk, portfolio-wide, through a single automated platform.
This new offering by Contrast Security is already witnessing demand in market, and has recently been selected by a Fortune 100 financial services company to secure the company’s software portfolio and growing use of open source software. The Fortune 100 company selected Contrast Security to gain better visibility across their entire application stack, including all open source components introduced into their codebase by their development and digital transformation teams. With Contrast Security, the customer was looking for one platform that can deliver immediate and actionable feedback loops to developers to enable faster remediation and risk reduction procedures, while also driving down overall cost and operational complexity.
“Contrast Security has a long and successful track record of helping organizations secure their applications,” said Surag Patel, Chief Strategy Officer, Contrast Security. “The increasing dependence on open source is undeniable and the ability for enterprises to leverage open source software without risk to the business, remains a top priority for VPs of Development, CISOs and CIOs. We are excited to offer the first complete solution that enables real-time inventory, assessment of security risk, assessment of licensing compliance risk and security exploit prevention for open source software. In an era of accelerated software delivery, customers can now embed automated controls into their software development and delivery pipelines, and monitor all of their applications and open source dependencies continuously. Leveraging the Contrast Security platform, organizations now have an embedded security solution that is built for the modern software era, without having to deploy and orchestrate multiple tools.”