Black Duck Software, an automated open source and custom code validation business, has announced a new partnership with IBM and has received IBM PartnerWorld's 'Ready for IBM Security Intelligence' designation for its Black Duck Hub security solution.
Additionally, the integration of Black Duck Hub into IBM’s Security AppScan will allow developers and DevOps teams to automatically identify and manage vulnerabilities in their custom-developed and open source code and to manage any required remediation via a single interface.
Black Duck identified an increasing reliance on open source code in organisations and also noted that many organisations worldwide are struggling to keep their applications safe from vulnerabilities, thousands of which are identified every year, including high-profile ones such as Heartbleed, Shellshock, Ghost or Venom. As N. Louis Shipley, Black Duck's CEO, explains: “It’s not uncommon for open source software to make up 40 to 50% of a large organisation’s code base. By integrating Black Duck Hub with AppScan, IBM customers will gain visibility into and control of the open source they’re using. This will enable them to better understand and reduce security risks.”
Key features available in the combined IBM AppScan and Black Duck Hub solution include the scanning and identification of open source libraries, versions, licence and community activities using the Black Duck KnowledgeBase, which is based on Black Duck’s own data, the National Vulnerability Database (NVD) and VulnDB. Other features are the automated mapping of open source inventory to known vulnerabilities, open source vulnerability remediation prioritisation and mitigation guidance, and ongoing monitoring and alerting on newly reported open source security vulnerabilities.