WhiteSource has just acquired Diffend, an open-source malware security and threat detection solution that will give WhiteSource an advanced platform for mitigating software supply chain risk. Diffend’s current commercial offerings will now be available for free under its new name, WhiteSource Diffend.
Once malicious packages are installed, it is too late to scan for them. Instead, it’s important to block them before they are downloaded or installed. WhiteSource Diffend is designed for near-invisible, exception-based alerting on software supply chain security threats.
Mensfeld added, “In the past week alone, the Diffend platform has been responsible for detecting and reporting 60 suspicious packages to RubyGems, all of which have now been removed, benefiting all open-source users.” Maciej Mensfeld joins WhiteSource as Senior Product Manager for Software Supply Chain Security.
Software supply chain attacks occur when malicious code is added to commercial or open-source software directly or indirectly deployed by the client or used as part of the build and publish process. Damage from a supply chain attack can be severe, ranging from impacting application traffic to exposing sensitive systems and data.
WhiteSource Diffend requires a single install for the entire organization and blocks the installation or update of malicious packages, protecting not only the production app but also the entire CI system. The system offers:
- governance and vulnerability management
- malware protection
- threat detection
Diffend’s existing capabilities will remain free while also being integrated into WhiteSource’s enterprise products, for the added benefit of unified policy controls and management capabilities.
Original Source: PR Newswire