Contrast Security launched Contrast OSS, a solution to help organizations building modern software solve the security, legal and compliance risks associated with their use of open source software (OSS).
Created with patented security instrumentation technology, Contrast OSS can continuously identify vulnerable open source components, determine how they are actually used by the application, and then prevent exploitation at runtime. Contrast OSS capabilities function as a solution that can work alongside Contrast Assess and Contrast Protect as part of the Contrast Security Platform.
Contrast OSS provides the ability to:
- Automatically create and maintain an organization-wide inventory of open source components mapped to applications, servers and environments.
- Provide real-time correlation of vulnerabilities, OSS license information, and additional library metadata.
- Continuously assess open source components for known and unknown vulnerabilities across all software development and delivery pipelines.
- Continuously evaluate open source components for license compliance and intellectual property risk across all software development and delivery pipelines.
- Automatically enforce custom policies and provide real-time feedback to security, compliance and development teams.
- Prioritize and focus developer remediation efforts on critical vulnerabilities by accurately identifying whether vulnerable open source components are actually used by the application.
- Continuously monitor production applications and block attacks on vulnerable open source to prevent runtime exploitation.
- Maintain centralized visibility and point-of-control for all customer and open source software risk, portfolio-wide, through a single automated platform.
"Contrast Security has a long and successful track record of helping organizations secure their applications," said Surag Patel, Chief Strategy Officer, Contrast Security. "The increasing dependence on open source is undeniable and the ability for enterprises to leverage open source software without risk to the business, remains a top priority for VPs of Development, CISOs and CIOs. We are excited to offer the first complete solution that enables real-time inventory, assessment of security risk, assessment of licensing compliance risk and security exploit prevention for open source software. In an era of accelerated software delivery, customers can now embed automated controls into their software development and delivery pipelines, and monitor all of their applications and open source dependencies continuously. Leveraging the Contrast Security platform, organizations now have an embedded security solution that is built for the modern software era, without having to deploy and orchestrate multiple tools."