SourceClear Original Vulnerabilities - Now available exclusively to paid (Pro) customers

By: Jim Morrisroe on March 3, 2017

Since May 2016, when SourceClear released the free version of SourceClear (Open), we have discovered and released over 910 unique vulnerabilities in open source libraries that did not have a CVE at the time of publication, including 72 high-risk vulnerabilities. The majority of these issues are what we call “half-days”: vulnerabilities that are not found in any other public database or identified with any other security tool besides SourceClear. You can see the stats behind our research here.

Finding new and unique vulnerabilities in open source libraries is the #1 priority at SourceClear. We have invested millions of dollars in machine learning, data science and in our human security research team. We believe that our infrastructure, techniques, intellectual property and team are the best in the world at identifying previously unknown risks in open source. Our growing list of customers continues to validate us and our data.

For the communities of languages that we support (Java, Python, Node.js, JavaScript, Ruby and Objective-C), we will always follow responsible disclosure and notify you when we discover zero days. In parallel, we have also always provided our customers (both free and paid) with early access to our data.

Starting this week, we will only make this high-value data (SourceClear-identified Original Vulnerabilities) available to our paying customers. For our paying customers of Pro, you will see no change in experience. For users of Open (Free), you will notice changes in our CLI outputs and in our web data and reports. We will continue to make CVE-based vulnerabilities, and the SourceClear artifacts that support them, available for free to everyone. To simplify our naming, SourceClear Open will now be called SourceClear Free.

This change will allow us to invest even more money in scaling our data science, machine learning and human research. With this new scale, our goal is to exponentially increase the pace of identifying new vulnerabilities, growing our discovery from hundreds of new vulnerabilities per month to thousands, making the use of open source safer for everyone!

If you have any questions on these changes or if you want to purchase a subscription license for SourceClear Pro, please contact us at
