
FOSSID Delivers A State-Of-The-Art Open Source Scanner That Integrates Seamlessly Into Your Development Process

Below is our recent interview with Fredrik Ehrenstråle, VP of Marketing at FOSSID:

Q: Could you provide our readers with a brief introduction to FOSSID?

A: Gladly! FOSSID is a new bright star on the Software Composition Analysis sky, focusing on Open Source Compliance and Security. We offer a state-of-the-art open source scanner that integrates seamlessly into your development process and detects pieces of Free and Open Source Software (FOSS) in your code base, from entire components to code snippets. Our software uncovers license obligations, compliance issues, and security vulnerabilities, so that you can focus on what you do best – creating great products and services!

We also see a tremendous interest in our open source audit services, where we help companies (oftentimes in M&A transaction scenarios) understand the software they are about to acquire. Our “blind audit” methodology guarantees full confidentiality since we do not need to see the source code that is being audited.

Since its foundation in 2016, FOSSID has been self-financed, and quickly attracted the interest of Fortune 500 companies pioneering the FOSSID tools and services. New, large customers have joined them, forming a 200% year-on-year revenue growth. With offices in Sweden, Romania, and Japan, we currently employ some 30 people, with a heavy representation in engineering. We serve global customers in all parts of the world, particularly the U.S., Europe, Japan, and China.

Q: Why do you believe in the strength of open source?

A: Well, if we look back only twenty years, open source adoption has skyrocketed. Most industry verticals have already been disrupted, starting with internet/web, followed by telecom, automotive, finance and now even energy. Open source software has proven itself to be an unstoppable force and fundamental for innovation and growth. Many companies have well above 50% open source in their code base, with open source software as a key pillar in their corporate strategy.

Companies are incorporating open source software into their platforms for the different advantages it offers, and software stacks can consist of code from different sources under different licenses. Historically, this was never much of an issue, since the software was implemented using proprietary software from various 3rd party software providers with negotiated licensing terms, and the business environment was predictable. Companies simply mitigated potential risks through license and contract negotiations with the software vendors. But now, the business environment has evolved, where companies must deal with dozens of different open source licenses, and hundreds or even thousands of licensors and contributors.

If open source software has become the new normal when creating enabling technologies, open source compliance has become the normal of ensuring that your organization meets the legal obligations of the various applicable licenses, and that is where FOSSID comes in. Our mission is to help companies achieve maximum FOSS adoption efficiency by introducing tools that provide unprecedented levels of accuracy, performance, privacy and automation.

Q: What is the biggest challenge you’ve faced in launching your business and how did you overcome it?

A: Open source grows exponentially, and while it is pleasant to ride that feature growth wave, FOSSID has to keep up with trillions of lines of open source code and tens of thousands of security vulnerabilities, store that information in a manageable way, and find an efficient way of finding the right data at the right time.

The existing vendors solved it by curating the most likely/common open source projects to keep their knowledge base contained at a defendable server footprint and used traditional search engine algorithms to query the knowledge base. This resulted in slow and incomplete scan results and caused additional manual labor to analyze the code.

FOSSID solved this by machine harvesting all known open source repositories and storing the equivalent data (essentially a hashed version of the code) in a patent-pending format. Although all known open source projects are indexed, thereby offering the market’s most comprehensive knowledge base, the footprint is dramatically reduced to a few terabytes. This, in combination with a purpose-built search engine, gives a whopping average scan speed of 70 files per second. The artificial intelligence of the search engine gives precise and accurate results and finds whole open source components, files and even snippets of code. Thanks to the AI capacity, false positives are removed, and manual analysis efforts are minimized.

Q: What’s the best thing about FOSSID that people might not know about?

A: We are in rapid growth (200% YoY) and although we are only three years old in the business, we have become a household name in the industry. Customers value us for the performance and comprehensiveness of our solution, but also for the ease of usage and flexible integration of our web application and CLI products, and deployment options (local/cloud).

Our open source audit service clients particularly appreciate our “blind audit” approach where we do not need to see the audited source code. This gives them the levels of security and confidentiality they need.

Q: What are your plans for the future?

A: We are sharpening our offer even further on multiple fronts. Firstly, we have a continuous machine harvesting process in place, so that we stay comprehensive and updated with any advancements in the open source world, be it new projects surfacing, or new versions of projects, or new security vulnerabilities being identified.

Secondly, we are evolving our AI capabilities to eliminate the need for human involvement. The goal is to offer a lightweight tool for any developer to use in his/her daily work, that is completely autonomous and gives the developer all the support needed to maximize the adoption of open source and spur innovation and growth.
