Black Duck Forms Open-Source Security Group in Northern Ireland

Black Duck Software has formed an Open Source Security Research Group in Northern Ireland, tapping into the region's base of cyber-security expertise.

Black Duck, a provider of solutions for managing and securing open-source software, has formed a new Open Source Security Research Group in Northern Ireland with headquarters in Belfast.

The new Northern Ireland group is part of Black Duck's global Center for Open Source Research and Innovation (COSRI), which is based at the company's Burlington, Mass., headquarters. Black Duck officials said they expect the Northern Ireland group to play a major role in COSRI's research efforts by analyzing open-source security issues and attack patterns, and by providing customers with information on vulnerabilities, corrective actions to reduce risk and new strategies for the secure use of open-source software.

Despite the ubiquity of open-source software, the security and management of that software remain a concern for many enterprises.

In a report on the subject, the SANS Institute, which specializes in information security and cyber-security training, said: "Enterprises should do an extensive risk and security analysis before choosing open-source solutions over their closed-source counterparts. The analysis should consider various factors such as the expertise available in-house and the support options available for the respective open-source product. Well documented and implemented security policies and best practices help an enterprise to mitigate the risks and enjoy the real benefits of open source."

Lou Shipley, CEO of Black Duck, noted that the use of open-source software is indeed ubiquitous worldwide and that it is an essential component in application development today, often comprising 50 percent of the code in an application. This rapid growth in open-source usage has created significant security and management challenges, he said.

"Since creating COSRI earlier this year, we have been increasing our strategic investments in open-source security research and innovation worldwide. Northern Ireland has the depth of security research talent to meet many of our needs in the near term and in the future," Shipley said in a statement.

Moreover, Shipley noted that open-source use will continue to grow because of its economic, productivity and innovation benefits. "Our intent is to support that growth by helping organizations use more open source more securely," he said.

Black Duck announced the formation of the new group at an event at Invest Northern Ireland (Invest NI) in Belfast. Invest NI is the regional business development agency for Northern Ireland.

"Invest NI very quickly proved to us that Northern Ireland had both the high-quality tech professionals to meet our open-source security research needs and an impressive array of cyber-security-focused businesses that will continue to attract more attractive candidates to the region," Shipley said. "Invest NI's guidance and support played a vital role in making this engagement happen. They will be a key strategic ally as we scale our research activities."

According to Simon Hamilton, Northern Ireland's Minister for the Economy, the region has been investing heavily in cyber-security research in recent years. In addition, the number of computer science students at both Queen's and Ulster universities has grown, as have the cyber-security-related curricula.

"We also have a growing cluster of world-class companies involved in cyber-security, making Northern Ireland a very attractive location for projects of this type," he said.

Meanwhile, in other security-related software news, SmartBear Software, another Massachusetts-based software company, updated its API security tooling. Somerville, Mass.-based SmartBear, a provider of software quality tools for teams, released a major update to its API readiness platform, Ready! API, focusing on the security of APIs.

API security is a growing concern for developers as APIs have been exploited for attacks on systems. SmartBear's Ready! API is a unified set of testing tools that includes Secure Pro for dynamic API security testing, SoapUI NG Pro for functional testing, LoadUI NG Pro for load testing, ServiceV Pro for API service virtualization and TestServer for Continuous Integration environments.

"Most of the APIs in the cloud are based on the popular REST methodology, and these are universally accessible and open to threats from hackers," John Purcell, vice president of products at SmartBear, said in a statement. "It has become a priority for organizations to determine and fix security loopholes in their REST APIs, and this new update to Secure Pro allows organizations to do that. With most of the vulnerable content in REST APIs being transported in the message body, Secure Pro now provides thorough scanning of RESTful payloads. These scans are easy to create and are preconfigured to find the most commonly found vulnerabilities."