Flexera, the company that’s reimagining the way software is bought, sold, managed and secured, announced today it’s reimagining software supply chain safety. Flexera is the first in the industry to embed open source security into the heart of the software development build process with automatic analysis detection. It will help keep the software supply chain secure by enabling 100,000 developers around the world to sell clean products, free of open source vulnerabilities and license compliance risk.
“For nearly three decades, Flexera’s InstallShield product line has been ubiquitous in every software company’s development process. With our FlexNet Code Aware release, Flexera is extending our customers’ capabilities to do a quick scan for open source vulnerabilities and issues at the time the application is being packaged,” said Jim Ryan, Chief Executive Officer at Flexera. “In providing this capability, we are making it easier for software producers to gain unprecedented insight into what is in their code which they can, in turn, share with their customers. Driving collaboration between software producers and their customers is essential to eliminating the waste, inefficiency and risk that currently exists in what can only be described as a dysfunctional software supply chain.”
FlexNet Code Aware is the leading automated, open source risk assessment and package discovery solution helping software developers quickly scan products for security and Intellectual Property (IP) compliance risks. FlexNet Code Aware is now integrated with Flexera’s InstallShield and InstallAnywhere solutions. InstallShield is the global standard used by 100,000+ developers for creating Windows desktop, server and cloud installers on more than 500 million devices. InstallAnywhere is the leading solution for creating multiplatform installation experiences for physical, virtual and cloud environments.
By embedding FlexNet Code Aware into InstallShield and InstallAnywhere, open source security scanning is now a standard part of the software build process, helping developers discover and assess IP and vulnerability risks before products ship. This powerful, combined solution sets the foundation for a vulnerability-free build, ensuring a smooth, error-free installation.
Eliminating Open Source Risk Early – Really Matters
The use of open source components in software development is skyrocketing. A decade ago, developers were using fewer than 100 open source libraries per release. Today, some industries are using more than 1,000. In addition, developers are often not aware of the risks contained in the open source code they use.
According to Flexera data, as much as 50 percent of code used in development is open source – code developers didn’t write themselves. And as a whole, developers are only aware of up to four percent of the third-party software that comprises their products. As open source dependency increases, developers need to be good corporate citizens and truly understand the vulnerability risk and compliance requirements they are inheriting from the open source code they use. FlexNet Code Aware, now integrated with InstallShield and InstallAnywhere, identifies the libraries developers are using and the associated licensing terms to ensure compliance.
“Open source security and compliance can’t be a once-a-year process – it simply doesn’t cut it any more given today’s demanding time-to-market pressures. Build/release engineers are the last people to touch products on a daily basis before they are packaged for installation. Up until now they haven’t really been able to do much around open source vulnerability management,” said Jeff Luszcz, Vice President of Product Management at Flexera. “These engineers are the front-line of defense in the development process and should be front-soldiers in ensuring open source security and compliance. With FlexNet Code Aware now embedded in InstallShield and InstallAnywhere, Flexera helps them find vulnerabilities as part of their ongoing, daily builds – without slowing them down.”