OSS Risks and WhiteMountains
Software development supply chain risks have caused huge and costly damage across industries. Moreover, regulators demand higher standards for the health of OSS. WhiteMountains provides insight into whether an Open Source Software project is credible or not, based on automated analysis of data from the open source community ecosystem.
WhiteMountains monitors your OSS landscape on a regular basis. The insights are delivered in a dashboard but also in a C-level report. Automatic alerts are sent when a specific OSS dips below a certain credibility threshold.
Validate Compliance with OSS Policies on a Continuous Automated Basis
Our WhiteMountains platform integrates with the existing software delivery process, enabling information security professionals to ensure compliance and reduce risks. The possibility of individual bias in OSS assessments is eliminated through intelligent benchmarking.
With our monitoring and reporting capabilities, WhiteMountains provides peace of mind for the CISO and management of companies that want to use Open Source Software in a secure manner.
Software developers no longer need to perform manual assessments, saving a significant amount of time. Additionally, WhiteMountains analyzes many more factors than a professional could assess in the limited time available.
Experts regularly evaluate a benchmark of the best and well-maintained OSS projects. Your OSS landscape is compared against this benchmark, and each OSS project is assessed against the WhiteMountains Credibility Score. Your organization receives a thoroughly researched benchmark as a starting point, which you can tailor and customize yourself.
Our scoring algorithms use a collection of OSS metadata and community-driven attributes from multiple sources. These elements are then used to compute a series of KPIs, which contribute to the WhiteMountains Credibility Score. This includes the assessment of developer activity, contributor diversity, community engagement, support responsiveness, and more.
WhiteMountains is founded on the principle of involving a variety of experts and organizations in the enhancement of benchmark composition and scoring metrics. This collaborative approach leads to an ever-improving machine for assessing OSS credibility.
We believe this is the right approach to addressing these complexities.