SourceClear

SourceClear (now Veracode)
Founded	2013
Founder	Mark Curphey
Headquarters	San Francisco, California, U.S.A.
Key people	Mark Curphey (CEO) Paul Ambrosini (Co-Founder) Jason Nichols (Co-Founder) Asankhaya Sharma (Head of R&D)
Products	Application Security Tools
Website	www.veracode.com

SourceClear or SRC:CLR (later part of Veracode) was an American software company with its namesake security tool for software developers. SourceClear focused on open-source software development, plugging into developers' existing workflows and examining security risks of open-source and third-party code in real time. The company was headquartered in San Francisco, California with an office in Singapore. It had customers in the technology, social media, retail, finance, and defense industries. In October 2015, it announced a $10 million Series A round of funding. In 2018 it was acquired by CA Technologies; after which it was folded into Veracode.

History[edit]

SourceClear was founded in Seattle in 2013 by Mark Curphey, the original founder of OWASP, who served as the company's CEO, and who described SourceClear as "the only company on the planet 100% dedicated to building security tools for software developers."^[1]

In June 2014, SourceClear raised a $1.5 million seed round from a group of investors, including the former CSOs at Yahoo!, Verisign and Symantec and from Frank Marshall, the first VP of engineering at Cisco Systems.^[2] It raised an additional $10 million in October 2015 from Index Ventures and Storm Ventures in its Series A round of funding, with the intention of expanding its executive, engineering and research team.^[3]^[4]

SourceClear again made headlines in November 2015, when it identified a flaw in Spring Social, a popular Java application library. The flaw had allowed hackers to impersonate users on social media. SourceClear privately disclosed the flaw to Pivotal Software, which then patched the library.^[5] Later that month, SourceClear also demonstrated a Denial-of-service attack based on the Amazon AWS SDK for Java.^[6]

SourceClear was purchased by CA Technologies and became a part of Veracode in 2018.^[7] The srcclr CLI tool became a part of Veracode's integrated product suite.

Software[edit]

The focus of SourceClear was open-source software development. Since developers are increasingly consuming and extending free open-source and third-party components and libraries, their products can become vulnerable to hacking. SourceClear's tools helped developers by telling them what open-source they are using, who created it, what it is doing (or could do) in their applications and which components have vulnerabilities. They became a part of the developers' workflow and examined security risks of open-source code in real time. Their analytics and machine-learning tools analyzed open-source components and report on their origin, creation, and impact on applications. They informed developers which vulnerabilities could be exploited by hackers and how to prevent them. The service also allowed users to scan their GitHub repositories and run in their continuous integration systems.^[2]^[3]^[8]

SourceClear supported Java, JavaScript, Ruby on Rails, Node.js, and Python.^[9] with previously announced plans to support Scala and C/C++.^[10]^[8]

References[edit]

^ Tom Taulli (21 June 2014). "SourceClear: How The Founder Raised A $1.5M Seed Round". Forbes. Retrieved 28 November 2015.
^ ^a ^b Frederic Lardinois (11 June 2014). "SourceClear Raises $1.5M Seed Round For Its Software Security Platform". TechCrunch. Retrieved 28 November 2015.
^ ^a ^b Christina Mulligan (30 October 2015). "SourceClear raises funding to help improve software security". SD Times. Retrieved 28 November 2015.
^ Deborah Gage (27 October 2015). "SourceClear Raises $10M to Secure Open-Source Code". Wall Street Journal. Retrieved 28 November 2015.
^ Michael Mimoso (13 November 2015). "CSRF Flaw Patched in Popular Spring Social Core Library". Threat Post. Retrieved 28 November 2015.
^ Asankhaya Sharma (24 November 2015). "Amazon AWS Java SDK Vulnerability Disclosure". SourceClear. Retrieved 28 November 2015.
^ Sam King (9 April 2018). "Press Release: 'CA Technologies Acquires SourceClear, Advancing SCA Capabilities...'". Retrieved 19 January 2023.
^ ^a ^b John K. Waters (16 November 2015). "Spring Social Vulnerability Fixed by a Newcomer". ADT Mag. Retrieved 28 November 2015.
^ "SourceClear Frequently Asked Questions". SourceClear. Retrieved 2016-11-18.
^ Jordan Novet (27 October 2015). "Developer-focused security startup SourceClear raises $10M". Venture Beat. Retrieved 28 November 2015.

External links[edit]

Official website

[1] Tom Taulli (21 June 2014). "SourceClear: How The Founder Raised A $1.5M Seed Round". Forbes. Retrieved 28 November 2015.

[TechCrunch-2] Frederic Lardinois (11 June 2014). "SourceClear Raises $1.5M Seed Round For Its Software Security Platform". TechCrunch. Retrieved 28 November 2015.

[SDTimes-3] Christina Mulligan (30 October 2015). "SourceClear raises funding to help improve software security". SD Times. Retrieved 28 November 2015.

[4] Deborah Gage (27 October 2015). "SourceClear Raises $10M to Secure Open-Source Code". Wall Street Journal. Retrieved 28 November 2015.

[5] Michael Mimoso (13 November 2015). "CSRF Flaw Patched in Popular Spring Social Core Library". Threat Post. Retrieved 28 November 2015.

[6] Asankhaya Sharma (24 November 2015). "Amazon AWS Java SDK Vulnerability Disclosure". SourceClear. Retrieved 28 November 2015.

[7] Sam King (9 April 2018). "Press Release: 'CA Technologies Acquires SourceClear, Advancing SCA Capabilities...'". Retrieved 19 January 2023.

[ADTMag-8] John K. Waters (16 November 2015). "Spring Social Vulnerability Fixed by a Newcomer". ADT Mag. Retrieved 28 November 2015.

[9] "SourceClear Frequently Asked Questions". SourceClear. Retrieved 2016-11-18.

[10] Jordan Novet (27 October 2015). "Developer-focused security startup SourceClear raises $10M". Venture Beat. Retrieved 28 November 2015.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]