The latest addition to the Lineaje product portfolio empowers organizations to secure the entire software supply chain.
Lineaje, a leader in continuous software supply chain security management, today unveiled Open- Source Manager (OSM). The comprehensive, first-of-its-kind solution brings transparency to open- source software components in applications and proactively manages and mitigates associated risks. Lineaje’s OSM enables full lifecycle governance of open-source software with trust, speed, and reliability helping to build an overall stronger security posture for complex software development organizations.
Research indicates that open-source software has 10-times more risk than code created by internal developers and accounts for 95% of all risk in applications. Lineaje’s OSM unveils the hidden depths of open-source dependencies, tracing 20+ levels and pinpointing every package – down to the last level. It provides risk analysis for each component in that supply chain – including more vulnerabilities than any other tool. OSM automatically attests every component for tamperability and integrity – making it unique in its ability to discover components of dubious origin in software as well as to detect tampers like 3CX, XZ, and SolarWinds.
“As organizations continue to embrace open-source to drive high innovation and to accelerate development cycles, our software supply chain is effectively open-sourced. Open-source developers are typically great innovators but not-so-great maintainers of software,” said Javed Hasan, CEO & Co-Founder, Lineaje. “OSM is an automated open-source office in a box, extending an organization’s AppSec posture to open-source dependencies. It not only separates well- maintained and unmaintained open-source components but enables proactive mitigation of embedded open-source risks.”
OSM goes beyond discovery by introducing an innovative “plan & fix” module. Not all patches or vulnerability fixes are equally compatible or applied at the same dependency depth. Lineaje AI with BOMbots generates plans in minutes for open-source patching so that developers can apply all compatible and all incompatible patches in batches. This reduces mean time to protect (MTTP) and saves up to 40% in software maintenance efforts. Unmaintained components with unfixed vulnerabilities and policy violations can be routed to inner or out-sourced teams chartered to maintain risky open-source dependencies.
“As developers increasingly leverage open-source code to save time and increase their productivity and innovation, organizations need robust security measures because attackers often target vulnerabilities in commonly used open-source packages,” said Melinda Marks, Practice Director, Cybersecurity, Enterprise Strategy Group. “Lineaje’s Open-Source Manager will help organizations safely leverage open-source by identifying potential risks and remediating vulnerabilities, while also facilitating compliance with governance regulations.”
The OSM solution enables companies to:
“With the proliferation of open-source components in all applications, directly managing open- source dependencies has become paramount. Lineaje’s Open-Source Manager enables not only discovery but also planning and remediation of vulnerabilities,” said Ashok Banerjee, SVP, Product Engineering, Trellix. “Supply Chain Security is an essential tool for the modern software factory.”
“Persistent is proud to work with Lineaje to deliver the most comprehensive open-source maintenance service across diverse industries. The Persistent Open Source Hub embeds Lineaje’s Open-Source Manager (OSM) for proactive risk identification and automated mitigation enabling us to protect clients’ critical software,” said Nitish Shrivastava, Senior Vice President and Head of Products, Persistent. “This empowers us to provide trusted open-source components with fixes for issues not yet made available in the open-source community, boosting clients using Persistent’s open-source crew service. This boosts operational efficiency while swiftly ensuring compliance with governance standards. OSM has quickly become an indispensable part of our open-source service.”
To learn more about Lineaje, OSM, and its full software supply chain security portfolio, visit www.lineaje.dev or visit Booth NXT-03 at RSA Conference, May 6-9, 2024 for a demonstration.
Patti Jo Rosenthal chats about her role as Manager of K-12 STEM Education Programs at ASME where she drives nationally scaled STEM education initiatives, building pathways that foster equitable access to engineering education assets and fosters curiosity vital to “thinking like an engineer.”