Press Release
Contrast Security Rolls Out Open Source Software Sponsorship Program to Support Developers
Code security leader commits $15K annually to support developers and their open source projects
Los Altos, CA — November 29, 2022 — Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced its new Open Source Software (OSS) Sponsorship Program which will financially support the developers of open source projects to help augment proprietary code developed in-house and to accelerate time-to-market.
The use of OSS brings with it certain challenges that the organizations that leverage it need to manage, such as balancing the risk/reward equation as they navigate the trade-offs between agility, quality, vulnerability and software security. Attacks on vulnerable open source code can be just as effective as other approaches—and with far less effort. A prime example is the 2017 Equifax breach, which stemmed from a vulnerability in the widely used Apache Struts open source development framework for creating enterprise Java applications—at the cost of at least $1.38 billion to date.
“The majority of OSS projects are maintained by either a single developer or a small team of volunteer developers. The amount of time and resources they have to look at and update their code is completely unknown, and some software might not be maintained at all as these developers are under no obligation to do so,” said Jeff Williams, Co-founder and Chief Technology Officer at Contrast Security. “We created the Contrast Open Source Sponsorship Program to support the efforts of these independent developers. I hope others join us in supporting these projects as they improve the entire developer ecosystem and make the world a better and more secure place.”
The program will provide more than $15,000 to financially support open source projects throughout the year. Contrast has awarded its first installment to the following projects:
- Corpus: A collection of popular Go modules. Contrast’s Go agent team uses this collection of modules to help test the agent’s instrumentation in order to ensure its safety and reliability. Contrast is proud to support Corpus and hopes the maintainer, Daniel Marti, continues to improve this project and create more great open source software.
- KubeOps: A C# .NET SDK for writing custom Kubernetes Operators. Contrast used this library as the foundation to build the Contrast Agent Operator and hopes the project’s primary maintainer, Christoph Buhler, continues to improve this project and create more great open source software.
- NapiRS: Provides the glue between Rust and NodeJS. This enables Contrast’s NodeJS agent to take advantage of the company’s new performant Protect analysis engine written in Rust without having to write C-code bindings to the Rust library’s C-interface. Without NapiRS, significant work would be required to integrate the new Rust-based Protect analysis engine with the NodeJS agent. Contrast is happy to support NapiRS and looks forward to further improvements on this important project.
- Homebrew: Solves the problem of having to figure out how to install a piece of software (sometimes more than one version of the same piece of software) along with all of its dependencies, and configures them in a working state. It's important to Contrast because many of the company’s engineers develop on a Mac and there are few alternatives that work like Homebrew.
- Yarn: A package manager used by the team behind the Contrast UI to install and upgrade the JavaScript dependencies of a few different applications. Contrast is supporting Yarn because its tooling and automation enable engineers to quickly build dynamic web applications using a variety of different JavaScript libraries.
- SpringDoc: A Java library used to generate API documentation for the Contrast platform’s APIs. Contrast is supporting SpringDoc because it provides a robust set of well-documented APIs that makes modern software better. Additionally, SpringDoc makes generating software documentation more efficient.
- Autofac: A dependency injection library used by Contrast’s .NET Framework and .NET Core agents. Unlike some dependency injection libraries, Autofac continues to support both the newer .NET Core runtimes as well as the older .NET Framework runtimes. This helps engineers share code between Contrast’s two .NET agents. Contrast is supporting Autofac because having a dependency injection library that is usable across both .NET and .NET Framework makes it easier to build and test the various components.
To learn more about the Contrast Secure Code Platform, CodeSec or other ways Contrast gives back to developers, please visit the Contrast Website.
About Contrast Security (Contrast):
A world leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete software development life cycle (SDLC) with Contrast to protect against today’s targeted application security (AppSec) attacks. Contrast also makes security testing available to all developers for free with CodeSec.
Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today’s pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of common vulnerabilities and exposures (CVEs). This allows security teams to avoid spending time on false positives and remediate true vulnerabilities faster. Contrast’s platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance.
Contrast protects against major cybersecurity attacks for its customer base which represents some of the largest brand-name companies in the world, including BMW, DocuSign, AXA, Zurich, SOMPO Japan and American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM Cloud, Guidepoint, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers.
The growing demand for the world’s only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America’s Fastest Growing Companies and the Deloitte Technology Fast 500 List, where Contrast was designated one of the fastest growing companies.
Learn more: https://www.contrastsecurity.com/
Media Contact:
Laura Asendio
Public Relations Manager
Contrast Security
pr@contrastsecurity.com