Black Duck Software
Black Duck Software helps the world’s most innovative companies streamline, safeguard, and manage their use of open source software.
Open source software is revolutionizing technology by enabling companies to speed development, reduce costs, increase innovation, and improve efficiency.
Open Source Application Security
Managing application security is essential in today’s complex IT environment. According to Forrester Research, most third-party code, including open source, are not tested for security vulnerabilities with the same level of rigor as in-house developed code. At the same time, IDC estimates that 30 percent of deployed software in the Global 2000 is open source. To ensure the security of new applications, products and services, open source needs to be properly managed and controlled.
To truly protect your software applications from potential vulnerabilities, you need an accurate understanding of:
- What open source components are in your current products and applications?
- Are there any outstanding, known security vulnerabilities?
- Have your open source components been validated and are their versions up-to-date before they are deployed?
- Identify and inventory open source software used in applications
- Map to known vulnerabilities and license requirements
- Continuously monitor and alert for new open source vulnerabilities
- Assist teams in remediation with orchestration and policy enforcement
Black Duck Hub
The Black Duck Hub helps security and development teams identify and mitigate open source related risks across all application portfolios that operate with open source code.
- Scans and identifies open source software throughout your code base
- Maps vulnerabilities to your open source software
- Triages vulnerability results and tracks remediation
- Monitors for newly disclosed vulnerabilities in your open source code
Get the Most Comprehensive Vulnerability Data – VulnDB is a more timely and higher quality vulnerability intelligence database, tracking:
- Nearly 40% more vulnerabilities than the National Vulnerability Database (NVD)
- Vulnerabilities posted three weeks sooner than NVD
- Deeper vulnerability data
Embedded in the Black Duck Hub, customers will have automatic access to premium vulnerability intelligence mapped to the open source software they use.
Black Duck Suite
Need more visibility into and control over the open source software (OSS) in your organization?
An automated approach to open source governance and compliance that integrates across your application development lifecycle is critical.
The Black Duck® Suite, their end-to-end OSS Logistics solution, enables enterprises of every size to manage how they acquire, approve, scan, monitor, secure, inventory, and deliver software with open source components.
The Black Duck Suite automates open source governance and compliance, while continually monitoring for security vulnerabilities to enable organizations to speed innovative development, reduce costs, and ensure application security.