Posted by Synopsys Editorial Team on September 28, 2016
On Tuesday, Protecode SC, the online software composition analysis product from Synopsys, scanned its one millionth customer-submitted app.
“This is a significant milestone,” said David Chartier, VP of Marketing, Synopsys Software Integrity Group. “This is a strong showing of scalability and widespread adoption of Protecode SC and of its ability to meet the demands of our customers to provide them actionable security information from a wide variety of industries, including those working on ICS and medical device firmware, mobile applications, and containerization of services. Not only did we scan our one millionth application, we are peaking at over 1TB of data uploaded daily.”
Software composition analysis recognizes that software today is created by augmenting users’ own code with third-party code and components from various sources. In fact, up to 90 percent of a software package can originate from sources other than the main author of the software. In some cases, third-party code is commercial code that you licensed, but more often than not it is some form of open source code. Outdated commercial and open source third-party code integrated into a product may expose it to software vulnerabilities and level the playing field for malicious hackers. Thus OWASP raised ‘using components with known vulnerabilities’ to its 2013 Top 10 list of the most common and serious sources of vulnerabilities.
Software composition analysis allows you to detect and mitigate these hidden potential time bombs in the software you are creating or using.
Protecode SC examines the binary file to produce a software bill of materials (BOM) and identifies known vulnerabilities against the current Common Vulnerabilities and Exposures (CVE) list maintained by MITRE. Not only does Protecode SC provide the CVEs, it also provides the Common Vulnerability Scoring System (CVSS) rating for each vulnerability it flags. In addition, Protecode SC identifies common license families such as Copyleft, Permissive, LGPL, and Proprietary. Protecode supports a wide variety of architectures, executable formats, compression formats, firmware formats and file systems, making it a truly universal tool for software composition analysis.
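The matching step described above, as an added illustration that is not Protecode's code and not from the original post: take a bill of materials (component, version, license), look each entry up in a vulnerability feed keyed by product and affected version range, and report the CVSS score and license family. The BOM, the feed, the `VULN-000x` identifiers, and the `analyze`/`worst_first` helpers are all constructed for this example; the identifiers are placeholders, not real CVE numbers.

```python
"""Toy software composition analysis matcher (constructed example).

Given a BOM extracted from a build and a vulnerability feed, flag every
component whose version falls inside an advisory's affected range and
classify its license. All identifiers below are placeholders, not real CVEs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str  # SPDX-style license identifier


@dataclass(frozen=True)
class Advisory:
    vuln_id: str     # placeholder identifier, not a real CVE number
    product: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive); "" means no fix yet
    cvss: float      # CVSS base score, 0.0 to 10.0


def parse_version(v):
    """Turn strings like '1.0.2g' into comparable tuples.

    Each dotted piece becomes (numeric part, letter suffix), so '1.0.2' sorts
    before '1.0.2g', which sorts before '1.0.2h'; a shorter prefix sorts first.
    """
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append((int(digits) if digits else 0, piece[len(digits):]))
    return tuple(parts)


def is_affected(comp, adv):
    """True when the component's version lies in [introduced, fixed)."""
    if comp.name.lower() != adv.product.lower():
        return False
    v = parse_version(comp.version)
    if v < parse_version(adv.introduced):
        return False
    return not adv.fixed or v < parse_version(adv.fixed)


# Coarse license families, matching the categories named in the post.
LICENSE_FAMILY = {
    "GPL-2.0": "Copyleft", "GPL-3.0": "Copyleft", "AGPL-3.0": "Copyleft",
    "LGPL-2.1": "LGPL", "LGPL-3.0": "LGPL",
    "MIT": "Permissive", "Apache-2.0": "Permissive", "BSD-3-Clause": "Permissive",
    "Proprietary": "Proprietary",
}


def analyze(bom, feed):
    """One report row per component: license family, matched advisories, worst CVSS."""
    report = []
    for comp in bom:
        hits = sorted((a for a in feed if is_affected(comp, a)), key=lambda a: -a.cvss)
        report.append({
            "component": f"{comp.name} {comp.version}",
            "license_family": LICENSE_FAMILY.get(comp.license, "Unknown"),
            "advisories": [a.vuln_id for a in hits],
            "max_cvss": hits[0].cvss if hits else 0.0,
        })
    return report


def worst_first(report):
    """Order rows so the highest-scoring findings are triaged first."""
    return sorted(report, key=lambda r: -r["max_cvss"])


# Constructed BOM, as a scanner might recover it from a firmware image.
SAMPLE_BOM = [
    Component("libfoo", "1.4.2", "MIT"),
    Component("libbaz", "0.9.8z", "LGPL-2.1"),
    Component("libbar", "2.0.9", "GPL-2.0"),
    Component("vendorcrypto", "3.1", "Proprietary"),
]

# Constructed advisory feed; vuln_id values are placeholders, not real CVEs.
SAMPLE_FEED = [
    Advisory("VULN-0001", "libfoo", "1.0", "1.4.3", 9.8),   # 1.4.2 is inside the range
    Advisory("VULN-0002", "libfoo", "1.4.0", "1.4.1", 5.3),  # already fixed in 1.4.2
    Advisory("VULN-0003", "libbaz", "0.9.8", "", 7.5),       # no fixed version yet
    Advisory("VULN-0004", "libbar", "2.1.0", "2.1.2", 6.1),  # 2.0.9 predates the bug
]

if __name__ == "__main__":
    for row in worst_first(analyze(SAMPLE_BOM, SAMPLE_FEED)):
        print(row)
```

The two things a real scanner must get right, and the reason the toy data exercises them, are version-range boundaries (a "fixed" version is exclusive, and a suffix like `0.9.8z` still counts as a later `0.9.8`) and advisories with no fix, which should stay open rather than silently disappear from the report.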
To learn more about software composition analysis and Protecode, see our free white paper: