OpenSSF Launches Open Source Tool for Evaluating SAST Products
2020-12-09 19:06

On Wednesday, at the Black Hat Europe conference, the Open Source Security Foundation (OpenSSF) announced the availability of an open source tool designed for evaluating the ability of static analysis security testing (SAST) products to detect vulnerabilities.

The developers pointed out that fewer than 200 lines of code are typically required to create a new security tool integration, and they believe the tool can be easily integrated not only with open source tools but also with commercial products.

The goal of the tool, whose source code is available on GitHub, is to make it easier for security teams to evaluate various SAST tools.

"The benchmark addresses two problems that security teams face today when assessing security tools. First, rather than using synthetic test code, the OpenSSF CVE Benchmark uses real life CVEs that have been validated and fixed in open source projects. Using this approach, security tools are tested on real codebases that contain validated real vulnerabilities," the developers explained.

Launched in August 2020 and hosted by the Linux Foundation, OpenSSF aims to improve the security of open source software by building a community, best practices and targeted initiatives.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/9h7iLxIZib0/openssf-launches-open-source-tool-evaluating-sast-products