Black Duck Software Press Releases

Open Source Security Provider Black Duck is the “Leader” in Independent Research Firm’s Assessment of Software Composition Analysis Providers

Thu, 02/23/2017 - 14:27
hleclair Thu, 02/23/2017 - 08:27

Research Report: “developers use open source components as their foundation, creating applications using only 10% to 20% new code”

BURLINGTON, MA – Feb. 23, 2017 – Black Duck, the global leader in securing and managing open source software, was named the leader in The Forrester Wave™: Software Composition Analysis, Q1 2017, which was released today.

In Forrester’s comprehensive, 38-criteria evaluation of “the six (SCA) providers that matter most and how they stack up,” Black Duck was the only company placed in the Wave’s “leader” classification.

To assess the state of the SCA market, Forrester examined past research, user need assessments, and vendor and expert interviews, and developed the evaluation criteria, which it grouped into three categories: current offering, strategy and market presence.

To address the market demand for more and better applications and to accelerate application development, developers “use open source components as their foundation, creating applications using only 10% to 20% new code,” the Forrester report stated.

“Unfortunately, many of these (open source) components come with liabilities in their license agreements, and one out of every 16 open source download requests is for a component with a known vulnerability. To reduce these risks, security pros are turning to SCA tools,” the Forrester report stated.

Black Duck CEO Lou Shipley said, “being named the leader in Forrester’s software composition analysis evaluation is encouraging and is certainly how we think of ourselves. However, for those of us in the rapidly expanding open source ecosystem, probably the most significant element of this SCA Wave is Forrester’s point that ‘developers use open source components as their foundation, creating applications using only 10% to 20% new code.’”

Shipley said, “the increasing global reliance on open source and its preeminence in application development increase the need for enterprises to deploy effective open source security vulnerability management tools. It is clear to us that the Forrester Wave report acknowledges the opportunity to reduce application security risk by securing and managing open source more effectively using SCA tools such as Black Duck’s.”

To reduce application risk, according to the Forrester SCA Wave analysis, organizations are turning to SCA tools for the benefits of:

  • Gathering more information that helps identify and remediate vulnerabilities quickly
  • Automating scans to highlight license risk exposure
  • Flexible policy enforcement that increases alignment with business needs
  • Integrating products to support existing development processes

In its vendor profile, Forrester noted that Black Duck’s market-leading product “boasts over 80 supported source code language formats, and it uses this strength to scan a broad range of developer preferences for both license risk management and vulnerability identification. Additionally, Black Duck provides an application bill of materials (BOM) for as long as users choose, and it monitors for any new open source vulnerabilities using vulnerability data that gets updated hourly. Users are notified of newly identified vulnerabilities in their BOM.

“Black Duck Software has very strong risk reporting and strong proactive vulnerability management capabilities, but its biggest differentiation comes from sound support for the fundamentals of license risk management, vulnerability identification, and policy management.”

About Black Duck Software

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

Media Contacts:

Black Duck
Brian Carter, Director of Strategic Communications
bcarter@blackducksoftware.com
508-277-7570

PAN Communications
Michael O’Connell
blackduck@pancomm.com
617-502-4300

 

Categories: Vendor

Black Duck Adds Cybric to Partner Program

Mon, 02/13/2017 - 17:00
hleclair Mon, 02/13/2017 - 11:00

BURLINGTON, MA – February 13, 2017 – Black Duck, the global leader in automated solutions for securing and managing open source software, today announced that Boston-based Cybric, provider of the first Continuous Security Delivery Fabric®, has joined its Partner Program.

Cybric’s platform automates and orchestrates code and application security across the DevOps lifecycle, reducing application vulnerability exposure and allowing security processes to keep pace with DevOps. 

Cybric has integrated Black Duck's Hub into its platform, enabling joint customers to use Cybric and Black Duck in combination. Black Duck Hub automates the process of inventorying the open source in applications and containers, maps the inventory to known vulnerabilities, manages remediation activities, and through real-time monitoring provides alerts when new threats are reported.

Cybric’s patent-pending technology rapidly orchestrates exact replicas of application environments and scans for security vulnerabilities by containerizing and automating security solutions without negatively impacting or slowing the production process.

“Our mission is to deliver the first automation and orchestration platform that integrates security into the SDLC from code commit to application delivery, enabling true DevSecOps,” said Cybric Founder and CEO Ernesto DiGiambattista. “Partnering with best-in-class providers such as Black Duck allows us to do this and provide our customers with confidence and assurance in their application security and resiliency for their business.”

About Cybric

Cybric is the first to automate and orchestrate code and application security across the DevOps lifecycle. The company’s Continuous Security-as-a-Service platform leverages its patent-pending Continuous Security Delivery Fabric® to seamlessly integrate security into the development process and deliver frictionless security assurance from code commit to application delivery. To learn more visit www.cybric.io or follow us on Twitter @cybric.

Categories: Vendor

View Recorded Webinars

Sun, 01/01/2017 - 05:59
hleclair Sun, 01/01/2017 - 04:59

Resource type: Webinars

Black Duck has many webinars available on demand. Explore our webinar library today.

Resource link: https://www.blackducksoftware.com/resources?type=31&topic=All&keyword=

Categories: Vendor

Black Duck Receives M&A Advisor Award for Financial and Professional Services Product/Service of the Year

Mon, 11/14/2016 - 15:03
hleclair Mon, 11/14/2016 - 09:03

On-Demand Open Source Audit and Open Source Risk Assessment services cited for value and excellence in Information Management, Data and Research

BURLINGTON, MA – Nov. 14, 2016 – Black Duck, a global leader in automated solutions for securing and managing open source software, today announced that its On-Demand Open Source Audit and Open Source Risk Assessment services have won M&A Advisor’s 2016 Financial and Professional Services Product/Service of the Year award. Black Duck was cited for value and excellence in the Information Management, Data and Research category.

Black Duck’s selection was announced on Nov. 9 at the 15th Annual M&A Advisor Awards event, a yearly celebration for firms and professionals in the M&A industry. The awards event at the New York Athletic Club was held in conjunction with the M&A Advisor Summit. At the Summit, Black Duck CEO Lou Shipley and On-Demand VP & General Manager Phil Odence headed a panel discussion highlighting the growing importance of open source due diligence during M&A transactions.

The use of open source software is ubiquitous worldwide and it is an essential component in application development today, often comprising 50 percent of the code in an application. The rapid growth in open source usage has created significant security and management challenges. Identifying the open source in use is an increasingly important aspect of technical due diligence in M&A transactions in which software assets are a significant part of the business valuation.

Shipley said “Our customers have known for a long time that our On-Demand Audits and Open Source Risk Assessments deliver tangible value in M&A transactions. The M&A Advisor is one of the most trusted sources for information in the industry and we appreciate their recognition of our value. As open source usage continues to increase worldwide, the need for and the demand for products that help buyers assure that their open source is secure and effectively managed will continue to grow. It’s very clear that more and more buyers and sellers in M&A transactions will make sure they’ve been ‘blackducked’ during the process.”

The M&A Advisor was founded in 1998 to publish insights and intelligence on mergers and acquisitions, and today is the world’s premier leadership organization of M&A, Turnaround and Finance professionals.

Black Duck was one of five finalists in its category. The finalists were selected from the nominees during the first stage of evaluation, and an independent panel of judges with deep M&A transaction experience reviewed all of the product and company data the finalists provided before selecting the ultimate award winners.

About Black Duck

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.
 

Media Contacts
Black Duck
Brian Carter
Director of Strategic Communications
bcarter@blackducksoftware.com
508.277.7570

PAN Communications
Michael O’Connell and Lisa Sorrentino
blackduck@pancomm.com
617.502.4300

 

Categories: Vendor