FREMONT, CA: WhiteSource, the market leader in open source protection and management, has announced the acquisition of Diffend, an open-source malware security and threat detection solution. Under the new name WhiteSource Diffend, all of Diffend's latest commercial products will be made available for free. As a result of the acquisition, WhiteSource is now able to provide an innovative framework for mitigating tech supply chain risk.
Recent software supply chain attacks demonstrate that application security needs have gone beyond detection to include continuous prevention. "Scanning for malicious packages after they are installed is too late," stated Maciej Mensfeld, founder of Diffend. "Organizations must start blocking malicious packages before they are downloaded or installed. WhiteSource Diffend is designed for near-invisible, exception-based alerting on software supply chain security threats that don't interfere with developers' work." Mensfeld added, "In the past week alone, the Diffend platform has been responsible for detecting and reporting 60 suspicious packages to RubyGems, all of which have now been removed, benefiting all open source users." Maciej Mensfeld joins WhiteSource as Senior Product Manager for Software Supply Chain Security.
Attacks on the software supply chain undermine users' implicit confidence in current application architectures. They happen when malicious code is inserted into commercial or open-source software that the client deploys directly or indirectly, or that is used as part of the build and publish process. A software supply chain attack has the potential to cause significant damage, ranging from interference with application traffic to exposure of sensitive systems and data through abuse of access authorization. Although certain malicious packages seek to remain undetected until they reach production, others, including viruses, attack immediately.
WhiteSource Diffend requires only one installation for the whole enterprise and prevents any malicious package installation or upgrade, protecting not only the development app but also the entire CI system. Thanks to creative classification rules for suspicious components, this shift-left tool blocks a package before it even reaches a developer's computer, without taking up precious developer time.