SourceClear

Founded 2013
Founder Mark Curphey
Headquarters San Francisco, California, U.S.A.
Key people Mark Curphey (CEO)
Products Application Security Tools
Website www.srcclr.com

SourceClear or SRC:CLR is an American software company with its namesake security tool for software developers. SourceClear focuses on open-source software development, plugging into developers' existing workflows and examining security risks of open-source and third-party code in real time. The company is headquartered in San Francisco, California with an office in Singapore. It has customers in the technology, social media, retail, finance and defense industries. In October 2015, it announced a $10 million Series A round of funding.

History

SourceClear was founded in Seattle in 2013 by Mark Curphey, its current CEO and the original founder of OWASP, who described SourceClear as "the only company on the planet 100% dedicated to building security tools for software developers."[1]

In June 2014, SourceClear raised a $1.5 million seed round from a group of investors, including the former CSOs at Yahoo!, Verisign and Symantec and from Frank Marshall, the first VP of engineering at Cisco Systems.[2] It raised an additional $10 million in October 2015 from Index Ventures and Storm Ventures in its Series A round of funding, with the intention of expanding its executive, engineering and research team.[3][4]

SourceClear again made headlines in November 2015, when it identified a flaw in Spring Social, a popular Java application library. The flaw had allowed hackers to impersonate users on social media. SourceClear privately disclosed the flaw to Pivotal Software, which then patched the library.[5] Later that month, SourceClear also demonstrated a denial-of-service attack based on the Amazon AWS SDK for Java.[6]

Software

The focus of SourceClear is open-source software development. Since developers are increasingly consuming and extending free open-source and third-party components and libraries, their products can become vulnerable to hacking. SourceClear's tools help developers by telling them what open-source code they are using, who created it, what it is doing (or could do) in their applications and which components have vulnerabilities. The tools become a part of the developers' workflow and examine security risks of open-source code in real time. Their analytics and machine-learning tools analyze open-source components and report on their origin, creation, and impact on applications. They tell developers which vulnerabilities could be exploited by hackers and how to prevent them. The service also allows users to scan their GitHub repositories and can run in their continuous integration systems.[2][3][7]

SourceClear currently supports Java, JavaScript, Ruby on Rails and Node.js, but it has announced plans to support Python, Scala and C/C++.[8][7]

References

  1. Tom Taulli (21 June 2014). "SourceClear: How The Founder Raised A $1.5M Seed Round". Forbes. Retrieved 28 November 2015.
  2. Frederic Lardinois (11 June 2014). "SourceClear Raises $1.5M Seed Round For Its Software Security Platform". TechCrunch. Retrieved 28 November 2015.
  3. Christina Mulligan (30 October 2015). "SourceClear raises funding to help improve software security". SD Times. Retrieved 28 November 2015.
  4. Deborah Gage (27 October 2015). "SourceClear Raises $10M to Secure Open-Source Code". Wall Street Journal. Retrieved 28 November 2015.
  5. Michael Mimoso (13 November 2015). "CSRF Flaw Patched in Popular Spring Social Core Library". Threat Post. Retrieved 28 November 2015.
  6. Asankhaya Sharma (24 November 2015). "Amazon AWS Java SDK Vulnerability Disclosure". SourceClear. Retrieved 28 November 2015.
  7. John K. Waters (16 November 2015). "Spring Social Vulnerability Fixed by a Newcomer". ADT Mag. Retrieved 28 November 2015.
  8. Jordan Novet (27 October 2015). "Developer-focused security startup SourceClear raises $10M". Venture Beat. Retrieved 28 November 2015.

This article is issued from Wikipedia - version of the Friday, May 06, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.