Flexera is making its Code Aware product for assessing vulnerabilities in open source code blocks available to users of InstallShield.
Flexera is making an open source security offer to the owners of the InstallShield product for software developers. To help celebrate the company’s 30th anniversary, users who are current on InstallShield Maintenance can now subscribe at no charge to FlexNet Code Aware, an automated open source risk assessment and package discovery product. FlexNet Code Aware allows software developers to quickly scan their products for security and Intellectual Property (IP) compliance risks – before products ship.
“It’s critical that engineers are aware of open source security and compliance risks, and embed better processes into their installation builds to minimise those risks. Failing to do this has serious consequences, as made all too clear in the recent Apache Struts 2 related data breach that put 143 million Equifax consumers’ personal data at risk,” said Jeff Luszcz, Vice President of Product Management at Flexera. “InstallShield is the only installation development product in the world empowering developers to automatically check for open source security and compliance risk as part of the build process, setting the foundation for a vulnerability-free build while also ensuring a smooth, error-free installation. By running a quick scan in the daily build, InstallShield becomes the first line of defence against Open Source Software (OSS) vulnerabilities such as Apache Struts.”
FlexNet Code Aware, integrated in InstallShield, allows software developers to embed open source security into the very heart of the software development process, with automatic open source analysis detection. Today’s offer providing a free FlexNet Code Aware subscription to all InstallShield users will empower more than 100,000 developers already using InstallShield to secure the software supply chain, reducing their products’ exposure to open source vulnerabilities and licence compliance risk.
Why Open Source Security Scans Are Important
The use of open source components in software development is skyrocketing. A decade ago, developers were using fewer than 100 open source libraries per release. Today, some industries are using more than 1,000. In addition, developers are often not aware of the risks contained in the open source code they use.
Over 50 percent of a software product is open source – developed outside the organisation. As a whole, developers are only aware of up to four percent of the third-party software that comprises their products. As open source dependency increases, developers need to be good corporate citizens and truly understand the vulnerability risk and compliance requirements they are inheriting from the open source code they use. FlexNet Code Aware, integrated with InstallShield, identifies the libraries developers are using and the associated licensing terms, to ensure compliance.