Open Source Management Firm FOSSA Raises $23 Million

FOSSA Provides End-to-End Governance for Third-Party Code


San Francisco, CA-based FOSSA -- an open source management firm -- has raised $23.2 million in a Series B funding round from Bain Capital Ventures, Canvas Ventures and Costanoa Ventures, bringing the total raised to $35 million.


The company has simultaneously launched FOSSA Security Management, a product designed to help organizations secure their software supply chain -- in particular, the largely uncontrolled inclusion of open source components in their own software development. Gartner's Technology Insight for Software Composition Analysis, published in November 2019, estimated that 90% of the code in 90% of software in development and production is open source.


In June 2020, RiskSense reported more than 1,000 vulnerabilities in just 54 popular open source projects during 2019. Between 2015 and 2020, almost 2,700 such vulnerabilities were reported and assigned CVE identifiers, and 89 of them were weaponized. Companies must take the security of the open source software included in their own products seriously.


The problem goes beyond vulnerabilities: it also includes keeping an accurate record of the open source licenses in use and the obligations they carry. Historically, there has been little tooling to help companies do this. FOSSA Security Management is intended to provide a complete vulnerability and license scanning solution for open source software, built on clear standards that are applied consistently across teams and over time.


CEO and founder Kevin Wang described the product to SecurityWeek. It uses proprietary analysis tools to examine the open source software used in development and surface the vulnerability and license issues that developers might otherwise miss. This analysis is integrated with a centralized policy engine. The policy is usually defined jointly by the legal, security, and engineering teams, and will differ fr ..
