Services & Products
Our offers in overview
- Precise analysis of the licence types used in your company
- Advice on how to set up your internal services in a secure and legally compliant manner
- Advice on the (information) obligations you must fulfill
- Consulting regarding the OSS components you are legally allowed to use in your individual use case
- Implementation of ISO 5230 OpenChain compliance consulting and certification
We help your teams to set up a process landscape with suitable open source or commercial tools!
Who are our offers aimed at?
User companies
To corporate customers who use third-party software (users) and want to prevent attackers from exploiting security vulnerabilities in the software they use.
- Precise identification of security vulnerabilities in the OSS components used and assessment of criticality.
- Continuous monitoring of relevant OSS components with regard to newly discovered vulnerabilities
- Pointing out mitigation strategies based on the vulnerable components - in case the development company takes longer to fix the vulnerability.
Developer companies
To development companies: companies or developers who ship software to companies or other customers and must ensure that their software does not and will not contain security vulnerabilities.
- Precise identification of security vulnerabilities in the OSS components used and assessment of criticality.
- Continuous monitoring of relevant OSS components with regard to newly discovered vulnerabilities
- Highlighting usage within your code and helping development teams eliminate vulnerabilities.
- Assistance to improve your development processes
- Training for software development teams
Our services:
Vulnerability Analysis
Identify vulnerabilities, assess them and identify causes
Modern software contains hundreds to thousands of open source software (OSS) components. It is therefore time-consuming to keep track of whether the security community has found vulnerabilities in any of these components.
These vulnerabilities are very interesting for hackers and potential attackers, because many websites or servers can be affected at the same time. There are often published exploits for the vulnerabilities. Malware can specifically and automatically search for vulnerable websites or servers and install backdoors.
License Compliance
List and evaluate all license types used in detail
The use of open source software (OSS) requires strict compliance with conditions defined in the OSS license texts. Often, there is no overview of the restrictions or obligations actually entailed by the use of OSS components.
Nested license constructions, due to interlinked OSS components in your code, lead to unclear situations where some licenses then "fight" against each other. As a result, there are components that are legally incompatible with each other, and may not be used together in a software product.
Consulting & Governance
Establish and implement action plan for improvement
For us, a high level of security and proven legal compliance in the use of open source software belong inseparably together. This requires a holistic approach.
If you don't want to buy fast services to identify your security vulnerabilities and license risks, if your IT landscape is somewhat larger and you don't want to pay for each scan individually, if you don't want to give the source code off-site for confidentiality reasons and you want to take the scans into your own hands, then we can advise you on how to set up your internal services in a secure and legally compliant manner.
Frequently asked questions:
They are interesting for hackers and potential attackers, since many websites or servers can be affected at the same time. There are often published exploits for the vulnerabilities. Malware can specifically and automatically search for vulnerable websites or servers and install backdoors.
No.
OSS components are often much more stable than self-written ones due to the 1,000-fold use on the web. Furthermore, they are indispensable for software economic reasons alone.
But: It leads, in our opinion, to greater due diligence, which we can support them in with our offerings and tools.
Contact us:
Trial offer
Initial experience and findings - No further obligations
- Upload source code
- Have it analysed
- Receive report of the analysis
Basic offer
Basic findings and recommendations for action
- Review of the initial situation
- Have it analysed
- Receive report of the analysis
Extended offer
Comprehensive findings and recommendations for action
- Upload source code
- Have it analysed
- Receive report of the analysis
- Compliance info package that makes you legally compliant
- Be informed proactively for 1 year
Consulting offer
Flexible performance - tailored to your situation
- Review of the initial situation
- Have test track created
- Trainings
- Take analysis and improvements completely into your own hands
More about WoBeeCon:
- Hardtwaldstr. 10, 61273 Wehrheim, Germany
- contact@wobeecon.com
- +49 (0) 6081 958336