FOSSA handles the end-to-end management of third-party code.
FOSSA, a San Francisco, California-based open source software company, has raised $23.2 million in Series B funding from Bain Capital Ventures, Canvas Ventures and Costanoa Ventures, bringing its total funding to $35 million.
At the same time, the company launched FOSSA Security Management, a product designed to help organizations secure their software supply chain, that is, the uncontrolled inclusion and use of open source software in their own software development. The Gartner Technology Insight for Software Composition Analysis, published in November 2019, estimates that 90% of code in 90% of software development and production is open source.
In June 2020, RiskSense reported more than 1,000 vulnerabilities in 2019 in just 54 popular open source projects. Between 2015 and 2020, almost 2,700 such cases were reported and marked as NBI, and 89 of these vulnerabilities were weaponized. Companies must take the security of the open source software included in their own software development seriously.
The problem goes beyond vulnerabilities and includes proper handling of open source software licenses. Historically, however, tooling has not helped companies much here. The goal of FOSSA Security Management is to provide a comprehensive vulnerability scanning and license compliance solution for open source software, built to make the applicable standards clear for every stage of the process and every deadline.
Kevin Wang, CEO and founder, spoke to SecurityWeek. FOSSA uses proprietary analysis tools to examine the open source software used in development and find vulnerabilities and licensing problems that developers may have missed. This analysis is integrated with a central policy framework. The policy is usually defined jointly by the legal team, the security team and the engineering team; it varies from company to company and can even vary per application. It establishes business rules for the company's position on vulnerability management, which licenses are acceptable and what counts as high quality code.
It is important, Wang said, to have a central location where these rules are stored and from which they can be automatically identified and enforced throughout the development process.
According to the company, FOSSA enables organizations to continuously monitor their open source software for vulnerabilities and licensing risks and to enforce appropriate risk policies across their teams so that risk is steadily reduced. In the accompanying blog post, the company says the new product lets organizations monitor vulnerabilities and open source license risks as a single automated process during development and deployment, and ensure compliance with the relevant policies. The company also claims that FOSSA users see 47% fewer false positives, meaning that vulnerabilities in the dependencies they actually rely on are detected earlier in the SDLC.
FOSSA was founded in 2015 by Wang. It had previously raised $8.5 million, and a further $20 million was made available in the Series A financing round announced in September 2019. The new funding will go toward product development and the expansion of FOSSA's operations in the EMEA region.
Kevin Townsend is a senior contributor to SecurityWeek. He has been writing about high-tech issues since before Microsoft was founded. Over the past 15 years he has specialized in information security and has had several thousand articles published in dozens of different magazines, from The Times and the Financial Times to current and long-gone computer magazines.