OSS Risks and WhiteMountains
Software development supply chain risks have caused large and costly damage across industries. Moreover, regulators demand higher standards for the health of OSS. WhiteMountains provides insight into whether an Open Source Software project is credible, based on automated analysis of data from the open source community ecosystem.
WhiteMountains monitors your OSS landscape on a regular basis. The insights are delivered in a dashboard but also in a C-level report. Automatic alerts are sent when a specific OSS dips below a certain credibility threshold.
​
BENEFITS
Validate Compliance with OSS Policies on a Continuous Automated Basis
Risk Reduction
Our WhiteMountains platform integrates with the existing software delivery process, enabling information security professionals to ensure compliance and reduce risks. The possibility of individual bias in OSS assessments is eliminated through intelligent benchmarking.
Feel Secure
With our monitoring and reporting capabilities, WhiteMountains provides peace of mind for the CISOs and management of companies that want to use Open Source Software in a secure manner.
Happy Developers
Software developers no longer need to perform manual assessments, saving a significant amount of time. Additionally, WhiteMountains analyzes many more factors than a professional can assess in the limited time available.
Features
1. Benchmarking
Experts regularly evaluate a benchmark of the best and well-maintained OSS projects. Your OSS landscape is compared against this benchmark, and each OSS project is assessed against the WhiteMountains Credibility Score. Your organization receives a thoroughly researched benchmark as a starting point, which you can tailor and customize yourself.
2. Scoring Engine
Our scoring algorithms use a collection of OSS metadata and community-driven attributes from multiple sources. These elements are then used to compute a series of KPIs, which contribute to the WhiteMountains Credibility Score. This includes the assessment of developer activity, contributor diversity, community engagement, support responsiveness, and more.
3. Co-creation
WhiteMountains is founded on the principle of involving a variety of experts and organizations in the enhancement of benchmark composition and scoring metrics. This collaborative approach leads to an ever-improving machine for assessing OSS credibility.
We believe it is the right approach for fixing these complexities.
CONTACT
Let’s Work Together and bring OSS Assessments to the next level
Millennium Tower - Weena 690
3012 CN Rotterdam, The Netherlands
Tel: +31 10 476 76 95
​
WhiteMountains - an E2E Software Venture