
Thursday, 11 February 2016 15:45

IBM teams up with Black Duck Hub to deliver open source code validation


A new partnership enables code developers and DevOps to scan and manage open source and custom-developed software for potential vulnerabilities

Automated open source and custom code validation business Black Duck Software has announced a new partnership with IBM and has received IBM PartnerWorld’s 'Ready for IBM Security Intelligence' designation for its Black Duck Hub security solution.

Additionally, the integration of Black Duck Hub into IBM’s Security AppScan will allow developers and DevOps teams to automatically identify and manage vulnerabilities in their custom-developed and open source code and to manage any required remediation via a single interface.

Black Duck identified an increasing reliance on open source code in organisations and also noted that many organisations worldwide are struggling to keep their applications safe from vulnerabilities, of which thousands are identified every year, including high-profile ones such as Heartbleed, Shellshock, Ghost or Venom. As N. Louis Shipley, Black Duck’s CEO, explains: “It’s not uncommon for open source software to make up 40 to 50% of a large organisation’s code base. By integrating Black Duck Hub with AppScan, IBM customers will gain visibility into and control of the open source they’re using. This will enable them to better understand and reduce security risks.”

Key features available in the combined IBM AppScan and Black Duck Hub solution include the scanning and identification of open source libraries, versions, licence and community activities using the Black Duck KnowledgeBase, which is based on Black Duck’s own data, the National Vulnerability Database (NVD) and VulnDB; the automated mapping of open source inventory to known vulnerabilities; open source vulnerability remediation prioritisation and mitigation guidance; and ongoing monitoring and alerting on newly reported open source security vulnerabilities.
