
Open Source Software Assessment

WhiteMountains is an automated service to perform ongoing credibility assessment of Open Source Software

OSS Risks and WhiteMountains

Software development supply chain risks have caused huge and costly damages across industries. Moreover, regulators demand higher standards for the health of OSS. WhiteMountains provides insight into whether an Open Source Software project is credible, based on automated analysis of data from the open source community ecosystem.
WhiteMountains monitors your OSS landscape on a regular basis. The insights are delivered in a dashboard and also in a C-level report. Automatic alerts are sent when a specific OSS dips below a certain credibility threshold.




Validate Compliance with OSS Policies

on a Continuous Automated Basis

Risk Reduction

Our WhiteMountains platform integrates with the existing software delivery process, enabling information security professionals to ensure compliance and reduce risks. The possibility of individual bias in OSS assessments is eliminated through intelligent benchmarking.

Feel Secure

With our monitoring and reporting capabilities, WhiteMountains provides peace of mind for the CISO and management of companies that want to use Open Source Software in a secure manner.

Happy Developers

Software developers no longer need to perform manual assessments, saving a significant amount of time. Additionally, WhiteMountains analyzes many more factors than a professional can assess in the limited time available.




Experts regularly evaluate a benchmark of the best and well-maintained OSS projects. Your OSS landscape is compared against this benchmark, and each OSS project is assessed against the WhiteMountains Credibility Score. Your organization receives a thoroughly researched benchmark as a starting point, which you can tailor and customize yourself.


Scoring Engine

Our scoring algorithms use a collection of OSS metadata and community-driven attributes from multiple sources. These elements are then used to compute a series of KPIs, which contribute to the WhiteMountains Credibility Score. This includes the assessment of developer activity, contributor diversity, community engagement and support responsiveness, etc.



WhiteMountains is founded on the principle of involving a variety of experts and organizations in the enhancement of benchmark composition and scoring metrics. This collaborative approach leads to an ever-improving machine for assessing OSS credibility. 

We believe it is the right approach for fixing these complexities.



Let’s Work Together

and bring OSS Assessments to the next level

Millennium Tower - Weena 690
3012 CN Rotterdam, The Netherlands 

Tel: + 31 10 476 76 95

WhiteMountains - an E2E Software Venture
