Author

Daniel Wisenhoff


Today there is likely no software project without some form of external libraries, dependencies, open source, or whatever you want to call it. But how do you make sure you import healthy dependencies that do not introduce vulnerabilities and risk into your software?

The explosion of open source

The amount of open source or other third-party code used in a software project is often estimated at 60-90% of the total codebase. The total number of public repositories exceeded 100M in 2018 according to GitHub. According to our own findings, practically all companies developing software use open source, third-party components or dependencies to varying degrees. Let's call them dependencies from now on. More often than not, hundreds of dependencies are used. This adds a new dimension to software development, in that security issues in such code will affect the products in similar ways as issues in the in-house developed code.…

Debricked has received 800.000 SEK from Vinnova for building a prototype that will improve management and understanding of vulnerabilities in third party code. The prototype will use Debricked’s vulnerability database, extend it and provide value creation in several important aspects. Some examples include visualization and comparison of a large number of products and releases, analysis of device configuration, and APIs for collecting device information. In addition to this, Debricked will also participate in HATCH, a Lund University project that aims to better understand how vulnerability information is communicated in the value chain.

Debricked AB is a spin-off company from a research project coordinated by Lund University, Sweden. The project's main goal was to develop, implement and evaluate processes and tools for handling vulnerabilities in third-party software components. This is related to the well-known area of software component analysis (SCA). Debricked takes some of the research results, extends and improves them, and offers them to the market. Security is not a tool or a practice that can be applied once with the hope of solving all past, current, and future problems. Debricked strongly believes that secure products can only be achieved by increasing awareness in all parts of an organization, having well-defined policies and activities for working with security, and on top of that having tools that are used to make the security process more efficient, accurate, and complete. Many companies are today left with the option to use…