Black Duck Software has announced a new open source security platform that helps security and development teams find and fix open source vulnerabilities.
The Black Duck Hub helps users identify open source components used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation.
“Most companies do not have an automated mechanism to identify new open source as it enters a code base,” said Bill Ledingham, executive vice president and chief technology officer at Black Duck Software, in a statement. “Moreover, they are unable to determine the actual risk and impact from vulnerabilities. Without this knowledge, companies have no way to triage and track vulnerability remediation efforts over time. The Black Duck Hub helps security and development teams identify and mitigate open source related risks across an application portfolio.”
Black Duck said that, on average, more than 30 percent of the software deployed in most enterprises is open source software (OSS), yet few organizations have visibility into which open source components are used and where. With more than 4,000 new open source vulnerabilities reported each year, knowing what open source is used within an organization is critical, the company said.
Indeed, thousands of open source vulnerabilities go unnoticed within a typical enterprise. The Black Duck Hub identifies open source usage, maps known vulnerabilities to the components it finds, and tracks remediation efforts, drawing on Black Duck’s KnowledgeBase of license and vulnerability data.
The Black Duck Hub runs as part of the build process, automatically discovering and identifying open source as it enters the code stream and flagging open source libraries with known vulnerabilities. Vulnerability details are used to assess application and portfolio risk, alongside open source license and community activity risk. Remediation scheduling and tracking then let security teams confirm that critical vulnerabilities are actually fixed.
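To make the build-time workflow described above concrete, here is an added example of the same idea in miniature. It is not Black Duck’s code and does not use its KnowledgeBase: the manifest, the advisory list, and the advisory identifiers are all constructed for illustration. The script parses a pinned requirements-style manifest, matches each component against advisories carrying an affected version range, orders the findings by severity for triage, and decides whether the build should be gated.

```python
"""
Added example, not Black Duck's code: a minimal build-step component check.
Parses a pinned manifest, matches components against a constructed advisory
list with [introduced, fixed) version ranges, and returns a severity-ordered
triage list plus a build-gate decision.
"""
import re

# Constructed sample manifest, as the build step might read it from the tree.
MANIFEST = """\
# constructed sample manifest
examplelib==1.2.3
netparser==0.9.1   # pinned for reproducible builds
safetool==4.0.0
"""

# Constructed, hypothetical advisories (placeholder ids, not real CVEs).
# A component is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "component": "examplelib",
     "introduced": "1.0.0", "fixed": "1.2.4", "severity": "high"},
    {"id": "EXAMPLE-ADV-0002", "component": "netparser",
     "introduced": "0.8.0", "fixed": "0.9.0", "severity": "critical"},
    {"id": "EXAMPLE-ADV-0003", "component": "netparser",
     "introduced": "0.9.0", "fixed": "0.10.0", "severity": "medium"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(text):
    """Turn '0.10.0' into (0, 10, 0) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def parse_manifest(text):
    """Return {component: version} from 'name==version' lines.

    Unpinned requirements are rejected: without an exact version the
    component cannot be matched reliably against an advisory range.
    """
    components = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9.]+)", line)
        if not match:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        components[match.group(1).lower()] = match.group(2)
    return components


def is_affected(version, advisory):
    """True when version falls inside the advisory's half-open range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def triage(components, advisories):
    """Match components to advisories; most severe findings come first."""
    findings = []
    for adv in advisories:
        version = components.get(adv["component"])
        if version is not None and is_affected(version, adv):
            findings.append({
                "component": adv["component"], "version": version,
                "advisory": adv["id"], "severity": adv["severity"],
                "fix": adv["fixed"],
            })
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["component"]))
    return findings


def build_gate(findings, fail_at="high"):
    """True if any finding is at or above the fail_at severity."""
    threshold = SEVERITY_RANK[fail_at]
    return any(SEVERITY_RANK[f["severity"]] <= threshold for f in findings)


if __name__ == "__main__":
    found = triage(parse_manifest(MANIFEST), ADVISORIES)
    for f in found:
        print(f"{f['severity']:8} {f['component']}=={f['version']} "
              f"{f['advisory']} (fixed in {f['fix']})")
    print("build gate:", "FAIL" if build_gate(found) else "PASS")
```

The half-open range matters: netparser 0.9.1 is past the fix for the critical advisory but still inside the medium one, so only the medium finding is reported for it, and the gate threshold is a policy knob rather than something baked into the matcher.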
The announcement of the Black Duck Hub comes just days after the company announced it had hired security expert Michael Pittenger as vice president of strategy. Pittenger will focus on security solutions. Pittenger came to Black Duck with more than 30 years of experience in the technology business. He has held several senior leadership positions in leading security companies, including Cigital, @stake and Savant Protection and was a co-founder of Veracode. For the past five years, Pittenger was the owner and independent business consultant of Caddis Advisors where he specialized in working with companies in the security market to assist with bringing new technologies to market, identifying new business opportunities, and developing sales and marketing positioning strategies and collateral.
“Mike’s extensive security industry background and experience will help us further deliver solutions that help companies mitigate security risks associated with the use of open source software,” said Lou Shipley, president and CEO of Black Duck Software, in a statement. “Bringing Mike on board further enables us to build innovative new approaches to securing open source, in addition to establishing key industry partnerships with other important security technology providers.”