Products
Contrast Application Detection and Response (ADR)

Contrast Application and API Security Testing (AST)

Contrast One^TM

Contrast Runtime Security Platform

Contrast Protect (RASP)

Contrast Assess (IAST/DAST)

Contrast Scan (SAST)

Contrast Software Composition Analysis (SCA)
Developer Central

Log4j Response

Pricing

How We Compare

Languages

Integrations
Solutions
BY USE CASE

Why IAST?

DevSecOps

Automated Penetration Testing

AppSec Monitoring

API Security

Software Supply Chain Security

Runtime Protection

Software Bills of Materials (SBOMs)

GitHub CI/CD

Compliance Testing

Services

BY DEPARTMENT

Dev and DevOps Teams

Security

DevSecOps

CISO

BY INDUSTRY

Government

Financial Services

Healthcare

Others
Partner
Technology Partners

Systems Integrators

Ecosystem Integrations

Managed Security Services Providers

Channel Partners Overview

Cloud Partners

GitHub
Partner Program Overview

Become a Partner

Find a Partner

Visit Partner Portal
GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Read the Blog
Customers
Company
About Us

Leadership Team

Culture & Careers

Women of Contrast

Contact Us
Blog

Events & Webinars

Newsroom

Podcast

Awards
Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Learn More
Resources
Contrast for Developers

Contrast Secure Code Learn Hub

Contrast Community

Resource Center

OWASP Top 10

Accountability & Transparency

SBOMs

ContrastLive

Support

Services

Trust Center

Documentation

Product Release Notes

Blog

Podcast

Events

Glossary
Contrast Incident Response Hub

Spring4Shell Vulnerability

Log4j Vulnerability

Weekly CISO Update

Trust Center
Developers

Open Source Software (OSS) is the Turbo Charger of Innovation

December 14, 2017

Software is at the heart of Digital Transformation, and organizations are using software more than ever for economic and productivity purposes in order to transform the way they run their business – to address customer needs, for better customer experience, greater efficiency, faster time to market and cost optimization. In short, organizations need to stay relevant, competitive and well positioned by delivering solutions and reacting to business and technology changes. OSS is turbo charging these efforts by enabling organizations to reuse the software assembled via the open source community in order to deliver to market even faster.

Figure 1: Digital Transformation of Business via Software

The Ubiquity of Open Source Software

The adoption of third-party OSS has increased significantly over the last few years to help augment proprietary code developed in-house and to accelerate time-to-market. This use of OSS speeds application development and helps gets compelling business applications to market faster.

Figure 2: In-house and external Open Source Software

Open Source Introduces Vulnerability and Risk to the Equation

Adopting OSS reduces overall development costs and frees developers to work on more value-added tasks. However, as companies use open source code, they risk introducing vulnerabilities that predispose them to getting breached.¹

A quick look at the stats reveal the risks...

96% of applications include some form of OSS
67% of applications contain open source vulnerabilities
90% of software applications are NOT security tested
41% of vulnerabilities are detected and remediated manually

Libraries & Custom Code

Given the risks, it is critical that organizations understand the composition of their software applications. For example, the majority of application source code (79%)²is comprised of libraries. Obviously, these libraries must be actively managed and organizations should continuously monitor for known vulnerabilities in actively used libraries because of the potential risks they represent.

Figure 3: Contrast Security: State of Application Security 2017

Increased Software Risk Means More Business Risk

Applications that use OSS are a primary target for cybercriminals because once vulnerabilities in OSS are discovered, adversaries can attack virtually any application built using that now-vulnerable OSS. That means software development, security and operations teams must factor in and address the risk of OSS. And, with more of every business based on software, those software risks are in fact business risks.

Security – The Key Component of Digital Transformation and Software Development

Digital transformation is driving the creation of more software, delivered faster. OSS helps meet the need for speed, but can introduce unanticipated risk to the business. Contrast Security is uniquely positioned to deliver affordable, automated application security solutions that address OSS risk at scale. We enable development and security teams to embed application security within the entire Software Development Life Cycle (SDLC) quickly and inexpensively from development, QA and production. Our products make software “self-protecting”, so applications built on OSS can be created and deployed into production faster across many environments without compromising on their security.

As Jeff Williams, CTO, Co-founder, Contrast Security states:

“It used to be that attacks would take weeks or months to emerge after an application vulnerability was disclosed. Today, that safe window has been reduced to about a day, and will probably be only a few hours in 2018.”  

References:
1) Open Source Security Analysis, 2016
2) Contrast Security: The State of Application Security, 2017

Application Security

Contrast Marketing

Join Us On December 12th – OWASP Bay Area MeetUp

Jeff Williams, Contrast CTO: Security Predictions for 2018

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Contrast Incident Response Hub