Our approach

At OpenSourance, we understand the critical importance of using secure components in software development. Our unique approach ensures that developers avoid incorporating components with known vulnerabilities into new products. By providing comprehensive information, we enable companies to assess the trustworthiness of software for integration into their specific projects.

Our technologies evaluate open-source projects using a set of rigorous criteria:

  1. Level of Maintenance: We develop key performance indicators (KPIs) to measure the ongoing maintenance of open-source projects, ensuring that they are actively managed and updated.
  2. Level of Security: Regular secure code reviews are performed to identify and mitigate potential vulnerabilities, maintaining a high standard of security.
  3. Level of Fixing: We assess the responsiveness of the project by measuring the lead time required to address vulnerabilities of varying severity (critical, high, medium).

Additionally, we evaluate several other parameters to ensure comprehensive security:

  • Artifacts Integrity: Ensuring that the software artifacts are intact and have not been tampered with.
  • Bad Dependencies: Identifying and avoiding dependencies that introduce security risks.
  • Dev Platform Security: Assessing the security of the development platforms used in the project.

Our Supply Chain Risk Evaluation categorizes software with clear labels, helping organizations make informed decisions:

  • Green: Suitable for critical applications like online banking due to the absence of critical vulnerabilities and the reliability of the development community, such as those maintained by the Apache Foundation.
  • Orange: Indicates the presence of moderate vulnerabilities and a less reliable development community.
  • Red: Signifies the presence of critical vulnerabilities and an unreliable development community.
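To make the "Level of Fixing" metric and the Green/Orange/Red labelling concrete, the following is an added illustration, not OpenSourance's own tooling: it computes the median disclosure-to-fix lead time per severity from a constructed set of advisory records and maps the remaining open vulnerabilities plus a community-reliability rating onto the three labels. The precedence between the two criteria (open severity versus community reliability) is an assumption, since the page lists the criteria without stating how mixed cases are resolved.

```python
from datetime import date
from statistics import median

# Constructed sample advisories for one hypothetical project:
# (severity, disclosure date, fix date or None if still unfixed).
SAMPLE_ADVISORIES = [
    ("critical", date(2024, 1, 10), date(2024, 1, 12)),
    ("high", date(2024, 2, 1), date(2024, 2, 15)),
    ("high", date(2024, 3, 5), date(2024, 3, 9)),
    ("medium", date(2024, 4, 1), None),  # still open
]


def lead_times_by_severity(advisories):
    """Median days from disclosure to fix, per severity, over fixed advisories only."""
    days = {}
    for severity, disclosed, fixed in advisories:
        if fixed is not None:
            days.setdefault(severity, []).append((fixed - disclosed).days)
    return {sev: median(values) for sev, values in days.items()}


def open_severities(advisories):
    """Severities of advisories that have no fix yet."""
    return {sev for sev, _, fixed in advisories if fixed is None}


def risk_label(advisories, community):
    """Assign Green/Orange/Red.

    community is one of "reliable", "less_reliable", "unreliable".
    Assumed precedence: the worse of the two criteria wins, so an open
    critical vulnerability or an unreliable community is Red, any other
    open vulnerability or a less reliable community is Orange, and only
    no open vulnerabilities with a reliable community is Green.
    """
    open_sevs = open_severities(advisories)
    if "critical" in open_sevs or community == "unreliable":
        return "red"
    if open_sevs or community == "less_reliable":
        return "orange"
    return "green"


if __name__ == "__main__":
    print(lead_times_by_severity(SAMPLE_ADVISORIES))  # {'critical': 2, 'high': 9.0}
    print(risk_label(SAMPLE_ADVISORIES, "reliable"))  # orange (one open medium)
```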

With extensive experience in software security, OpenSourance provides unparalleled expertise and guidance. Our commitment to excellence ensures that your software products are built on a secure and trustworthy foundation, safeguarding your business and its stakeholders.