Does your company use open source software?
This has many advantages! - But is the software also legally secure and protected from cyber-attacks?
The challenges:
Legal Security
The use of open source software (OSS) requires strict compliance with conditions defined in the OSS license texts.
- Often, there is no overview of the actual restrictions or duties, or of the use of OSS components
- Nested license constructions lead to components that are legally incompatible with each other and may not be used together in a software product
- Claims for damages in the millions (copyright trolls) can be the result
IT-Security
Modern software contains hundreds to thousands of open source software (OSS) components. It is therefore time-consuming to keep track of them all.
- They are interesting for hackers and potential attackers, because many websites or servers can be affected at the same time
- Published exploits often exist for the security vulnerabilities
- Malware can specifically and automatically search for vulnerable websites or servers and install backdoors
There is a simple solution: Book our service and avoid losses in the millions!
Our solution approach
What is used where and is vulnerable?
What measures are required?
What are the problems and what specifically needs to be improved?
Why WoBeeCon?
- We are the only provider that combines tool-based security and quality analysis of your open source usage with legal compliance analysis. This also applies to Docker containers.
- Only by combining security and compliance can you ensure the secure and legally compliant use of open source.
- We are not just a tool provider. We combine analysis tools, experience and clear recommendations for action into a holistic offering.
Our offers
Trial offer
Initial experience and findings - No further obligations
- Upload source code
- Have it analysed
- Receive report of the analysis
Basic offer
Basic findings and recommendations for action
- Review of the initial situation
- Have it analysed
- Receive report of the analysis
Extended offer
Comprehensive findings and recommendations for action
- Upload source code
- Have it analysed
- Receive report of the analysis
- Compliance info package that makes you legally compliant
- Be informed proactively for 1 year
Consulting offer
Flexible performance - tailored to your situation
- Review of the initial situation
- Have test track created
- Trainings
- Take analysis and improvements completely into your own hands
More about WoBeeCon:
Challenges in the use of open source software components
However, the use of open source software components is not without challenges. Two major issues affect virtually all users of open source software:
81% of the analyzed code base contains security issues
53% of the analyzed code base has license compliance issues
(https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/)
We are convinced that this needs to be addressed, because we believe that security and legal compliance are something that comes from within. Our services and products are designed to do this for you.
Today, hundreds of open source software (OSS) components are used in almost every software product. Current studies show that 97% of the analyzed code base uses open source software components (https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/).
There are many good reasons for this:
- OSS is inexpensive and readily available
- OSS is proven in use by tens of thousands of developers
- For almost every use case there are OSS components that offer solutions for typical and complex problems
- This saves months of development work and debugging, and the software is usually stable more quickly than without the use of OSS.
WoBeeCon GmbH has set itself the goal of providing companies with secure and competent advice and support in the use of open source software. With the help of our products, you will achieve a secure and legally compliant use of open source software in your company.
We combine many years of practical experience in software development, software architecture and advising departments on technical and legal aspects into a holistic offering.
We strongly believe that your software development can benefit from open source and with the right level of security and legal understanding it can be further extended.
- So that you meet the requirements from information security standards (such as BSI-200, ISO-27001).
- So that you can document and perform new standards for open source license compliance (ISO-5230) as an integrator and supplier.
- So that you are prepared for the upcoming tightening of European product liability law.
Our credo is therefore: Open Source? For sure, but secure!
More about us
WoBeeCon specializes in open source software (OSS) and its licenses. Our conviction:
The careful handling of security and legal compliance aspects when using open source software components is finally gaining strategic importance for the well-being of your company. And we help with that!
We offer solutions and services in the area of GRC (Global Risk and Compliance) and cyber security to ensure secure and legally compliant products for customers. The company advises and supports customers in improving cyber security, for example to prevent threats from hacker attacks, and also in avoiding lawsuits that may arise from violations of license agreements.
We offer various services according to the client's request, including consultancy, deep scans of licences, identification of vulnerabilities and expertise in OSS licences, as well as OSS licence management solutions and licence compliance tools. We also specialise in vulnerability identification and 3rd party vulnerabilities and offer IT security and application security (AppSec) solutions.
WoBeeCon helps provide an overview of the wide range of OSS licenses, including Strong Copyleft, Permissive and Semi-Permissive, to ensure that customers choose the appropriate license for their projects. According to the ifrOSS (Institute for Legal Issues in Free and Open Source Software), WoBeeCon helps guide clients through legal compliance and best practices for OSS software.
Services & Products
Vulnerability Analysis
Background: Open Source Software
Identify vulnerabilities, evaluate and show causes
Security-related vulnerabilities in open source software (OSS) components can very quickly affect large areas of your software development.
Our offers include:
- Precise identification of security vulnerabilities in the OSS components used and assessment of criticality.
- Highlighting usage within your code and helping development teams eliminate vulnerabilities
- Continuous monitoring of relevant OSS components with regard to newly discovered vulnerabilities
- Assistance to improve your development processes
- Training for software development teams
License Compliance
Detailed overview of all license types used and evaluation by use case
Use of open source software (OSS) requires compliance with conditions defined in the OSS license texts.
Our offers include:
- Precise analysis of the types of licenses you have in use
- Advice regarding the OSS components you are legally allowed to use in your use case
- Advice on the (information) obligations you must fulfill
- Guidance on how to avoid possible licensing hurdles
- ISO 5230 OpenChain Conformity Consulting and Certification
Consulting & Governance
Draw up and implement an action plan for improvement on the basis of the situation report
For us, a high level of security and proven legal compliance in the use of open source software belong inseparably together. This requires a holistic approach.
Our offers include:
- Advice on how to set up your internal services in a secure and legally compliant manner
- We help your teams to set up a process landscape with suitable open source or commercial tools
- Involvement of all relevant stakeholders in your company, and establishment of standards for legally compliant use of open source software
- Hardtwaldstr. 10, 61273 Wehrheim, Germany
- contact@wobeecon.com
- +49 (0) 6081 958336