Key people: Mark Curphey (CEO)
Founder: Mark Curphey
Website: www.srcclr.com
Founded: 2013
Headquarters: San Francisco, California, U.S.A.
Products: Application Security Tools
SourceClear or SRC:CLR is an American software company with its namesake security tool for software developers. SourceClear focuses on open-source software development, plugging into developers' existing workflows and examining security risks of open-source and third-party code in real time. The company is headquartered in San Francisco, California with an office in Singapore. It has customers in the technology, social media, retail, finance and defense industries. In October 2015, it announced a $10 million Series A round of funding.
History
SourceClear was founded in Seattle in 2013 by Mark Curphey, its current CEO and the original founder of OWASP, who described SourceClear as "the only company on the planet 100% dedicated to building security tools for software developers."
In June 2014, SourceClear raised a $1.5 million seed round from a group of investors, including the former CSOs at Yahoo!, Verisign and Symantec and from Frank Marshall, the first VP of engineering at Cisco Systems. It raised an additional $10 million in October 2015 from Index Ventures and Storm Ventures in its Series A round of funding, with the intention of expanding its executive, engineering and research team.
SourceClear again made headlines in November 2015, when it identified a flaw in Spring Social, a popular Java application library. The flaw had allowed hackers to impersonate users on social media. SourceClear privately disclosed the flaw to Pivotal Software, which then patched the library. Later that month, SourceClear also demonstrated a denial-of-service attack based on the Amazon AWS SDK for Java.
Software
The focus of SourceClear is open-source software development. Since developers are increasingly consuming and extending free open-source and third-party components and libraries, their products can become vulnerable to hacking. SourceClear's tools help developers by telling them what open-source code they are using, who created it, what it is doing (or could do) in their applications and which components have vulnerabilities. The tools become a part of the developers' workflow and examine security risks of open-source code in real time. Their analytics and machine-learning tools analyze open-source components and report on their origin, creation, and impact on applications. They tell developers which vulnerabilities could be exploited by hackers and how to prevent them. The service also allows users to scan their GitHub repositories and to run it in their continuous integration systems.
SourceClear currently supports Java, JavaScript, Ruby on Rails, Node.js, and Python. It has announced plans to support Scala and C/C++.