Computer Science + Data Science = Big Code Analytics
Lexumo crawls the Internet, continuously indexing open source software: every package and library it can find, in every published version. Rather than storing source code or binaries, we store an abstracted representation of each component that captures its essential functionality as a set of features.
The result is a searchable graph of the indexed open source, stored in a massively scalable, AWS-based cloud stack. Because matching is done on features rather than on exact text or bytes, the platform can identify both vulnerable and patched components in your code even when the source has been modified.
Curate & Annotate
Our team of security analysts, assisted by machine learning, continuously curates our vulnerability and remediation intelligence. We monitor data sources beyond CVE, such as product advisories and mailing lists, so that vulnerabilities are captured before or without a CVE assignment.
We crawl our graph of the world's open source software and run analytics over every branch of every package to identify vulnerable code.
We then annotate our graph with each vulnerability for each version of each component, along with patch and license information. The result is a record of publicly disclosed vulnerabilities in open source software, mapped to the exact component versions they affect.
Lexumo searches our annotated graph for your code, precisely identifying all open source components and versions compiled into your product. Lexumo also reports on vulnerabilities and licenses for each component.
And because our platform is based on indexed search, your product's component inventory is kept after a scan: when a newly discovered vulnerability is annotated onto a component version you use, it triggers an immediate alert without rescanning your code.
By analyzing both safe and previously-vulnerable versions of code in open source repositories, Lexumo identifies exactly how the vulnerable code was fixed by the open source community.
We then provide patch instructions so you can quickly fix your code without a full upgrade that can break other dependencies.
We also tell you the minimum version required to eliminate the vulnerability, so you can upgrade at a later date.
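The following is an added illustration, not Lexumo's code, of the two mechanisms described above: an inverted index from component name to the products that contain it, so that a newly annotated vulnerability can be matched against stored inventories without rescanning, and a "minimum version required to eliminate the vulnerability" computed from the affected ranges. Everything in it is assumed for the example: the component names, versions, the `VULN-EXAMPLE-1` identifier and the half-open `[introduced, fixed)` range model are constructed, and versions are plain dotted integers.

```python
"""Added example (not Lexumo's code): indexed-search alerting and minimum
fixed version over a toy vulnerability graph.  All data below is constructed.

Assumptions (hypothetical): components are identified by name plus a dotted
numeric version; each vulnerability is annotated as one or more half-open
affected ranges [introduced, fixed), one per maintained branch.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Dotted integers only; suffixes like '1.0.2k' are out of scope here."""
    return tuple(int(part) for part in text.split("."))


def fmt_version(v: Version) -> str:
    return ".".join(map(str, v))


@dataclass(frozen=True)
class AffectedRange:
    introduced: Version           # first vulnerable version (inclusive)
    fixed: Optional[Version]      # first fixed version on that branch; None if unfixed

    def contains(self, v: Version) -> bool:
        return self.introduced <= v and (self.fixed is None or v < self.fixed)


@dataclass
class Vulnerability:
    vuln_id: str                  # constructed identifier, not a real advisory
    component: str
    ranges: List[AffectedRange]

    def affects(self, v: Version) -> bool:
        return any(r.contains(v) for r in self.ranges)

    def minimum_fixed_version(self, current: Version) -> Optional[Version]:
        """Smallest version above `current` that no affected range covers.

        Candidates are the `fixed` bounds of the ranges; the smallest one that
        is itself outside every range wins, so a backport fix on an older
        branch is preferred over the main-branch fix.  None if nothing above
        `current` is fixed yet.
        """
        candidates = sorted(r.fixed for r in self.ranges
                            if r.fixed is not None and r.fixed > current)
        for c in candidates:
            if not self.affects(c):
                return c
        return None


class ComponentIndex:
    """Inverted index: component name -> {(product, version)}.

    A product is scanned once and its inventory stored.  Later vulnerability
    annotations are matched against the index instead of rescanning.
    """

    def __init__(self) -> None:
        self._index: Dict[str, Set[Tuple[str, Version]]] = defaultdict(set)
        self._vulns: List[Vulnerability] = []

    def record_scan(self, product: str, components: Dict[str, str]) -> None:
        for name, ver in components.items():
            self._index[name].add((product, parse_version(ver)))

    def annotate(self, vuln: Vulnerability) -> List[dict]:
        """Add a newly disclosed vulnerability to the graph and return the
        alerts it triggers for already-indexed products."""
        self._vulns.append(vuln)
        alerts = []
        for product, ver in sorted(self._index.get(vuln.component, ())):
            if vuln.affects(ver):
                fix = vuln.minimum_fixed_version(ver)
                alerts.append({
                    "product": product,
                    "component": vuln.component,
                    "version": fmt_version(ver),
                    "vuln_id": vuln.vuln_id,
                    "min_fixed_version": None if fix is None else fmt_version(fix),
                })
        return alerts


def demo() -> List[dict]:
    """Constructed scenario: three products scanned, then one annotation."""
    idx = ComponentIndex()
    idx.record_scan("camera-fw", {"libfoo": "1.2.0", "libbar": "3.1.4"})
    idx.record_scan("router-fw", {"libfoo": "2.1.0"})
    idx.record_scan("thermostat-fw", {"libfoo": "1.5.0"})
    # Later: libfoo is found vulnerable on the 1.x branch before 1.5.0 and on
    # the 2.x branch before 2.3.0 (constructed data).
    vuln = Vulnerability("VULN-EXAMPLE-1", "libfoo", [
        AffectedRange(parse_version("1.0.0"), parse_version("1.5.0")),
        AffectedRange(parse_version("2.0.0"), parse_version("2.3.0")),
    ])
    return idx.annotate(vuln)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

In the constructed scenario the annotation alerts `camera-fw` (libfoo 1.2.0, minimum fix 1.5.0) and `router-fw` (libfoo 2.1.0, minimum fix 2.3.0) while `thermostat-fw` on 1.5.0 is silent, and none of the three products is rescanned. Real version strings (epochs, pre-release tags, distro-specific suffixes) need a proper version-ordering library rather than the integer tuples used here.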
Infographic (figures not recovered in this copy): lines of code in Linux Foundation projects; person-years to write this code; economic value of this work.
Source: Linux Foundation, Sept. 2015