Code security leader commits $15K annually to support developers and their open source projects
Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced its new Open Source Software (OSS) Sponsorship Program which will financially support the developers of open source projects to help augment proprietary code developed in-house and to accelerate time-to-market.
The use of OSS brings with it certain challenges that the organizations that leverage it need to manage, such as balancing the risk/reward equation as they navigate the trade-offs between agility, quality, vulnerability and software security. Attacks on vulnerable open source code can be just as effective as other approaches—and with far less effort. A prime example is the 2017 Equifax breach, which stemmed from a vulnerability in the widely used Apache Struts open source development framework for creating enterprise Java applications—at the cost of at least $1.38 billion to date.
“The majority of OSS projects are maintained by either a single developer or a small team of volunteer developers. The amount of time and resources they have to look at and update their code is completely unknown, and some software might not be maintained at all as these developers are under no obligation to do so,” said Jeff Williams, Co-founder and Chief Technology Officer at Contrast Security. “We created the Contrast Open Source Sponsorship Program to support the efforts of these independent developers. I hope others join us in supporting these projects as they improve the entire developer ecosystem and make the world a better and more secure place.”
The program will provide more than $15,000 to financially support open source projects throughout the year. Contrast has awarded its first installment to the following projects:
- Corpus: A collection of popular Go modules. Contrast’s Go agent team uses this collection of modules to help test the agent’s instrumentation in order to ensure its safety and reliability. Contrast is proud to support Corpus and hopes the maintainer, Daniel Marti, continues to improve this project and create more great open source software.
- KubeOps: A C# .NET SDK for writing custom Kubernetes Operators. Contrast used this library as the foundation to build the Contrast Agent Operator and hopes the project’s primary maintainer, Christoph Buhler, continues to improve this project and create more great open source software.
- NapiRS: Provides the glue between Rust and NodeJS. This enables Contrast’s NodeJS agent to take advantage of the company’s new performant Protect analysis engine written in Rust without having to write C-code bindings to the Rust library’s C-interface. Without NapiRS, significant work would be required to integrate the new Rust-based Protect analysis engine with the NodeJS agent. Contrast is happy to support NapiRS and looks forward to further improvements on this important project.
- Homebrew: Solves the problem of having to figure out how to install a piece of software – sometimes more than one version of the same piece of software – and all of its dependencies, and configures them in a working state. It’s important to Contrast because many of the company’s engineers develop on a Mac and there are few alternatives that work like Homebrew.
- SpringDoc: A Java library used to generate API documentation for the Contrast platform’s APIs. Contrast is supporting SpringDoc because it provides a robust set of well-documented APIs that makes modern software better. Additionally, SpringDoc makes generating software documentation more efficient.
- Autofac: A dependency injection library used by Contrast’s .NET Framework and .NET Core agents. Unlike some dependency injection libraries, Autofac continues to support both the newer .NET Core runtimes and the older .NET Framework runtimes. This helps engineers share code between Contrast’s two .NET agents. Contrast is supporting Autofac because having a dependency injection library that is usable across both .NET and .NET Framework makes it easier to build and test the various components.
To learn more about the Contrast Secure Code Platform, CodeSec or other ways Contrast gives back to developers, please visit the Contrast Website.