
CCI
Friday, 24 February 2017 05:07

Open Source Security Provider Black Duck is the “Leader” in Independent Research Firm’s Assessment of Software Composition Analysis Providers


Research Report: “developers use open source components as their foundation, creating applications using only 10% to 20% new code”

Black Duck, the global leader in securing and managing open source software, was named the leader in The Forrester Wave: Software Composition Analysis, Q1 2017, which was released today.

In Forrester’s comprehensive, 38-criteria evaluation of “the six (SCA) providers that matter most and how they stack up,” Black Duck was the only company placed in the Wave’s “leader” classification.

To assess the state of the SCA market, Forrester examined past research, user need assessments, and vendor and expert interviews, and developed the evaluation criteria, which it grouped into three categories: current offering, strategy and market presence.

To address the market demand for more and better applications and to accelerate application development, developers “use open source components as their foundation, creating applications using only 10% to 20% new code,” the Forrester report stated.

“Unfortunately, many of these (open source) components come with liabilities in their license agreements, and one out of every 16 open source download requests is for a component with a known vulnerability. To reduce these risks, security pros are turning to SCA tools,” the Forrester report stated.

Black Duck CEO Lou Shipley said, “Being named the leader in Forrester’s software composition analysis evaluation is encouraging and is certainly how we think of ourselves. However, for those of us in the rapidly expanding open source ecosystem, probably the most significant element of this SCA Wave is Forrester’s point that ‘developers use open source components as their foundation, creating applications using only 10% to 20% new code.’”

“The increasing global reliance on open source and its preeminence in application development increase the need for enterprises to deploy effective open source security vulnerability management tools. It is clear to us that the Forrester Wave report acknowledges the opportunity to reduce application security risk by securing and managing open source more effectively using SCA tools such as Black Duck’s,” Shipley said.

To reduce application risk, according to the Forrester SCA Wave analysis, organizations are turning to SCA tools for the benefits of:

  • Gathering more information that helps identify and remediate vulnerabilities quickly
  • Automating scans to highlight license risk exposure
  • Enforcing policy flexibly, increasing alignment with business needs
  • Integrating products to support existing development processes

In its vendor profile, Forrester noted that Black Duck’s market-leading product “boasts over 80 supported source code language formats, and it uses this strength to scan a broad range of developer preferences for both license risk management and vulnerability identification. Additionally, Black Duck provides an application bill of materials (BOM) for as long as users choose, and it monitors for any new open source vulnerabilities using vulnerability data that gets updated hourly. Users are notified of newly identified vulnerabilities in their BOM.

“Black Duck Software has very strong risk reporting and strong proactive vulnerability management capabilities, but its biggest differentiation comes from sound support for the fundamentals of license risk management, vulnerability identification, and policy management.”
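The vendor profile above describes the core of what an SCA monitor does: keep an application bill of materials, re-check it against a vulnerability feed each time the feed is refreshed, and notify only on findings that are new. The Python below is an added illustration of that loop and is not Black Duck’s code or the Forrester report’s; every package name, version and advisory id in it is constructed sample data, and it assumes simple dotted numeric versions and a feed that expresses affected ranges as an introduced version and a first fixed version.

```python
"""Added example, not Black Duck's code: a BOM checked against a vulnerability
feed, with notification only for findings not already reported.  Package
names, versions and advisory ids are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    id: str
    package: str
    introduced: str          # first affected version (inclusive)
    fixed: Optional[str]     # first fixed version (exclusive); None = no fix yet
    severity: str


def parse_version(v: str) -> Tuple[int, ...]:
    """Assumption: dotted numeric versions; pad to three parts so 1.4 == 1.4.0."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed (or no fix exists)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def match_bom(bom: List[Component], feed: List[Advisory]):
    """Return (component, advisory) pairs for every affected BOM entry."""
    by_package = {}
    for adv in feed:
        by_package.setdefault(adv.package, []).append(adv)
    findings = []
    for comp in bom:
        for adv in by_package.get(comp.name, []):
            if version_in_range(comp.version, adv.introduced, adv.fixed):
                findings.append((comp, adv))
    return findings


class BomMonitor:
    """Holds a retained BOM and remembers which findings were already notified,
    so each feed refresh yields only newly identified vulnerabilities."""

    def __init__(self, bom: List[Component]):
        self.bom = list(bom)
        self.notified = set()

    def check(self, feed: List[Advisory]):
        new = []
        for comp, adv in match_bom(self.bom, feed):
            key = (comp.name, comp.version, adv.id)
            if key not in self.notified:
                self.notified.add(key)
                new.append((comp, adv))
        return new


# Constructed sample BOM and two successive feed snapshots (hypothetical data).
SAMPLE_BOM = [
    Component("libfoo", "1.4.2"),
    Component("parsekit", "2.0.0"),
    Component("netutil", "3.1.0"),
]
FEED_HOUR_1 = [
    Advisory("ADV-0001", "libfoo", "1.0.0", "1.5.0", "high"),
    Advisory("ADV-0002", "parsekit", "2.1.0", None, "medium"),   # 2.0.0 predates it
]
FEED_HOUR_2 = FEED_HOUR_1 + [
    Advisory("ADV-0003", "netutil", "3.0.0", "3.2.0", "critical"),
]


def demo():
    """Run two hourly checks; return the advisory ids notified at each one."""
    monitor = BomMonitor(SAMPLE_BOM)
    first = [adv.id for _, adv in monitor.check(FEED_HOUR_1)]
    second = [adv.id for _, adv in monitor.check(FEED_HOUR_2)]
    return first, second


if __name__ == "__main__":
    first, second = demo()
    print("hour 1 new findings:", first)    # ['ADV-0001']
    print("hour 2 new findings:", second)   # ['ADV-0003']
```

The de-duplication key includes the component version, so upgrading a component clears its old notifications and any advisory that still covers the new version is reported again; a real feed would also need range semantics for non-numeric version schemes, which this example deliberately does not attempt.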
