CA Technologies Buys SourceClear, Emphasizing DevSecOps Movement
I’ve long been an advocate for DevSecOps. Leaving security out of the DevOps culture doesn’t make any sense. Data is more valuable than ever. Thus, keeping data safe is more important than ever. CA Technologies recently acquired SourceClear, a security-driven startup who emphasizes DevSecOps.
Widget not in any sidebars
The general manager of CA Veracode, Sam King, wrote in a press release, “As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company”
If every company is a software company, then every company should be a DevOps company. Better yet, a DevSecOps company. The acquisition of SourceClear emphasizes the importance of security for all these modern software companies.
King points out that with increased release speed comes an increased reliance on open source libraries. Open source libraries, of course, are inherently vulnerable. CA Technologies’ researched the security of open source software components and found that 88% had at least one component-based vulnerability. They also add that the Equifax hack was due to a single open source vulnerability. A DevSecOps approach would have prevented that.
SourceClear offers a SaaS-based software composition analysis (SCA) tool. It analyzes applications and determines if it has a vulnerable component. Thus, eliminating the problems that come from utilizing open source libraries. Additionally, Sourceclear’s SCA solution tells users whether or not the functionality of the vulnerable component is being used.
SourceClear predicts that there will be almost half a billion open-source libraries available to developers within a decade. Having a tool that can verify the safety of downloaded components is invaluable. DevSecOps is here to stay and the tools are becoming increasingly available.
“We plan to fully integrate the SourceClear technology into the Veracode cloud platform. We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability to confidently use open source components without introducing unnecessary risk.”
We encourage you to read the full blog post here.
Widget not in any sidebars
Doug Atkinson
An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.
- How to Benefit from Moving Your ECM Tool to the Cloud - May 31, 2019
- Where are 5G Networks for Enterprises? - December 21, 2018
- Solutions Review Best of 2018: Top Network Performance Monitoring Articles - December 20, 2018
