CAST, a leader in software intelligence, has partnered with Software Heritage to provide businesses with a better understanding of the code powering their products and services.
Software Heritage is a non-profit organisation working to build a universal archive of all source code, similar to the Internet Archive’s Wayback Machine but for software rather than web pages.
The archive, sponsored by tech giants such as Intel, Google and Microsoft, already contains more than 5.6 billion source files and continues to grow.
As part of the partnership, unique indexing technology has been developed to allow users to search through these files more efficiently. Connected to CAST’s Highlight application, which provides software insights and analysis in areas such as cloud readiness, software health and data privacy, the index will let users identify the original use of a source file and see where else it has been used before.
“We are thrilled to welcome CAST as a key partner, joining us in our endeavour to collect, structure and preserve the precious knowledge embedded in source code and make it broadly accessible,” Roberto Di Cosmo, Founder and CEO of Software Heritage, said.
CAST Software Heritage partnership: Navigating licensing issues
According to CAST’s Executive Vice President of Research & Development Olivier Bonsignour, the partnership will provide “the most comprehensive and automated solution for managing third-party license and security risk across the global software supply chain”.
The use of open source components means that businesses are bound by the licensing terms of that code. The GNU General Public Licence v2.0 (GPL v2), for example, states that “any modifications to or software including GPL-licensed code must also be made available under the GPL along with build & install instructions”. Essentially, a piece of software that incorporates code under that licence must be released in its entirety under the same terms.
“IP license risk is interesting, and incredibly relevant to business stakeholders, because the company’s proprietary solutions or technologies could be based on open source frameworks. This means that other organizations, including competitors, can access and exploit their ‘secret sauce’ because it’s not secret at all; it’s publicly available,” Vincent Delaroche, founder and CEO of CAST, told Verdict.
“While most business leaders probably do have some knowledge that their IT departments are leveraging open source packages, that is typically the extent of their knowledge. They are not regularly briefed on potential risks – particularly IP license risks – associated with their organisation’s reliance upon OSS.”
“CAST is bringing automatic identification of these risks to market with Software Heritage so teams and business leaders can identify these risks with lightning-fast analysis and fix them quickly.”
Fighting cybercrime with software intelligence
“It’s [open source] a good boost for productivity, it’s free by definition,” Delaroche said. “But it’s also a massive threat if you don’t know what’s in it.”
“Lots of open source is developed by hackers, spies and so on and so on. It’s so easy to port something that can be super-controlled,” Delaroche said.
Cybercrime is expected to cost companies more than $5trn over the next five years. The growing issue is predicted to cost large businesses 2.8% in lost revenue growth annually. Poor security is to blame and, while it may not be possible to completely eliminate the threat, the CAST Software Heritage partnership will at least in some part help to reduce it.
“The resulting Software Intelligence generated from CAST’s unique and patented reverse-engineering technology will deliver real-time visibility into outdated or vulnerable components that need to be addressed as a priority for optimal operations and software security,” said Bonsignour.