FossID Introduces Expert Systems AI to Slash Manual Effort in Software Composition Analysis
ID Assist mimics the knowledge and decision-making abilities of expert software auditors.
STOCKHOLM, June 25, 2024 (Newswire.com) - FossID, a leading provider of open source software risk management technology and services, announced today the availability of FossID Workbench 24.2, highlighted by ID Assist, a new AI-powered technology that significantly reduces the time and expertise required to operate Software Composition Analysis (SCA) tooling, including the generation of comprehensive, accurate Software Bill-of-Materials (SBOMs).
The risks associated with the use of Open Source Software (OSS) have exploded in recent years due to the ubiquity of open source software, developers' proclivity for copy-pasting blocks of code from sources such as Stack Overflow, and now the adoption of generative AI coding tools like GitHub Copilot. To put the challenge in perspective, consider that:
- OSS now accounts for 50% or more of the code base in most modern applications
- There are more than 200 million known open source projects; 30 million open source projects are hosted on GitHub alone
- There are over 2,500 unique licenses tracked in FossID’s OSS Knowledge Base
Software Composition Analysis (SCA) plays a critical role in mitigating OSS-related risk through its ability to accurately identify all open source and third-party software packages embedded within modern software codebases.
However, reviewing and validating results of SCA scans often requires a significant amount of manual effort and expertise. ID Assist now automates much of this process while giving enterprises greater confidence in the accuracy and completeness of the final result.
ID Assist Leverages Extensive Software Auditor Expertise
In addition to developing SCA technology, FossID has been delivering open source audits to organizations for internal use and M&A transactions since its inception in 2016. Through the years, FossID has developed advanced techniques for identifying the origins of open source software and corresponding license information. This domain knowledge combined with the technology developed by FossID has made it possible to efficiently execute OSS audits against the 20+ petabytes of open source data in the FossID Knowledge Base. Leveraging Expert Systems AI, ID Assist now makes this expertise available to everyone through FossID Workbench.
“ID Assist is an Expert Systems AI solution that brings to life the experience and knowledge of a seasoned open source auditor reducing and even eliminating the need for manually validating results,” said Jon Aldama, Chief Product Officer and co-founder of FossID. “ID Assist automatically filters, ranks, and sorts scan results; pinpointing the true original license when multiple possibilities exist.”
The Right AI Approach for Software Composition Analysis
Expert Systems AI leverages a predefined set of rules and knowledge bases to emulate the decision-making abilities of a human expert.
Due to the structured nature of the open source software domain and the rule-based processes of an auditor, the Expert Systems AI approach was the clear choice.
The Expert Systems AI behind ID Assist significantly reduces the manual efforts associated with managing open source software risk.
ID Assist accomplishes this by:
- Accurately identifying open source code snippets
- Intelligently filtering out secondary matches
- Applying advanced scoring to surface the true origin of a match
- Enabling fully automatic scanning and validation workflows
“Instead of rushing to jump on the AI bandwagon, FossID has purposefully and intelligently developed an AI solution that brings to bear the promise of Artificial Intelligence while safeguarding the privacy and security of our customers,” said Stuart Dross, Chief Executive Officer of FossID. “In the future other approaches may apply to our business, but the deterministic nature of Expert Systems and the elimination of the need for vast amounts of training data made this decision a simple one for FossID.”
ID Assist by FossID is generally available now with the release of Workbench 24.2.
About FossID
FossID provides software risk management solutions that enable enterprises to leverage open source, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software Composition Analysis (SCA) toolset, FossID also provides open source audit, technical due diligence, and code review services to help clients manage legal, security, and operational software supply chain risk.
Learn more: https://www.fossid.com
Source: FossID
Tags: AI, application security, open source software, SBOM, software composition analysis