With open-source code libraries, developers can end up using code in their own applications that hasn’t been updated and has known vulnerabilities. That’s one of the use cases for the SourceClear service, which checks whether the code a developer is using in an application has known vulnerabilities.
SourceClear can also identify vulnerabilities that have not been publicly disclosed, Curphey explained, adding that the company has developed technology that identifies patterns in software that can indicate a potential vulnerability. There are often more unknown vulnerabilities in source code than issues that have already been publicly disclosed, he said.