Black Duck, a global leader in automated solutions for securing and managing open source software, today announced the integration of its flagship Hub solution into HPE Security Fortify Software Security Center (SSC), which helps organizations measure and control their application security posture and provides visibility into software risk across the enterprise.
Organizations developing applications today use a mix of custom and open source code, which increases security risk and management complexity. With the integration of Black Duck Hub, organizations using HPE Security Fortify will be able to detect, prioritize and fix known open source vulnerabilities as well as custom code vulnerabilities, all through a single view in HPE Security Fortify Software Security Center.
“Use of open source has increased dramatically in the last five years because it cuts development costs and accelerates time to market. Open source is ubiquitous worldwide and can comprise 50 percent or more of a large organization’s code base. By integrating Black Duck Hub with HPE Security Fortify, customers will have visibility into and control of the open source they are using and also be able to identify known vulnerabilities. This allows them to better understand and reduce their security risks,” said Lou Shipley, Black Duck CEO.
“A strong ecosystem of partners that adds security insight throughout the software development lifecycle is an essential element of the complete view of application security that HPE Security Fortify provides,” said Jason Schmitt, Vice President and General Manager, HPE Security Fortify, Hewlett Packard Enterprise. “This integration with Black Duck complements our existing secure development and security testing solutions by providing the ability to view the results of open source scanning alongside application security testing results to deliver a more complete and effective approach to managing application security.”
The key features of the Black Duck Hub and HPE Security Fortify integration include:
- Deep Discovery of Open Source: Rapid scanning and identification of open source libraries, versions, licenses, and community activity, powered by the Black Duck® KnowledgeBase™, which the company describes as the world’s most complete open source database, with detailed information on more than 1.5 million open source projects and 76,000+ known open source vulnerabilities.
- Comprehensive Identification of Open Source Risks: Create an inventory of all open source in use and a map to known security vulnerabilities, identifying and prioritizing the severity of the vulnerability and exploring remediation steps.
- Integrated Remediation Orchestration and Policy Enforcement: Open source vulnerability remediation prioritization, mitigation guidance, and automated policy management, allowing organizations to have visibility into their remediation efforts and manage their external and internal compliance mandates.
- Continuous Monitoring for New Security Vulnerabilities: Ongoing monitoring and alerting on newly reported open source security vulnerabilities affecting components already in the inventory, without a fresh scan of the code.
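The four features above describe the generic software composition analysis loop: build an inventory of open source components, map each to the advisories whose affected version range contains it, rank by severity, gate on policy, and re-run the match when the advisory feed changes. The script below is an added example of that loop written for this page; it is not Black Duck or HPE code and does not use the KnowledgeBase or the Fortify SSC API. All package names, advisory IDs, scores, the version-range format (inclusive "introduced", exclusive "fixed") and the policy thresholds are constructed for illustration.

```python
"""Minimal SCA flow: inventory -> match -> prioritize -> policy gate -> rescan.
Hypothetical example; every package, advisory ID and score below is constructed."""

# Constructed inventory, as a scanner would derive it from a lockfile or build manifest.
INVENTORY = [
    {"name": "libfoo", "version": "1.2.3", "license": "MIT"},
    {"name": "libbar", "version": "2.0.1", "license": "Apache-2.0"},
    {"name": "libbaz", "version": "0.9.0", "license": "GPL-3.0"},
]

# Constructed advisory feed. "introduced" is inclusive; "fixed" is the first patched
# version (exclusive) or None if no fix exists. IDs are placeholders, not real CVEs.
FEED_V1 = [
    {"id": "EXAMPLE-0001", "name": "libfoo", "introduced": "1.0.0", "fixed": "1.2.4", "score": 9.8},
    {"id": "EXAMPLE-0002", "name": "libfoo", "introduced": "0.1.0", "fixed": "1.2.0", "score": 5.3},
    {"id": "EXAMPLE-0003", "name": "libbaz", "introduced": "0.5.0", "fixed": "1.0.0", "score": 6.1},
]

# A later pull of the same feed with one new advisory (simulates continuous monitoring).
FEED_V2 = FEED_V1 + [
    {"id": "EXAMPLE-0004", "name": "libbar", "introduced": "2.0.0", "fixed": "2.0.2", "score": 7.5},
]

# Hypothetical policy: block on High/Critical findings and on a denied licence list.
POLICY = {"max_score": 7.0, "denied_licenses": {"GPL-3.0"}}


def parse_version(v):
    """Dotted numeric version -> comparable tuple, so '1.2.3' < '1.10.0' compares correctly."""
    return tuple(int(part) for part in v.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (fixed=None means no patched release yet)."""
    ver = parse_version(version)
    if ver < parse_version(introduced):
        return False
    return fixed is None or ver < parse_version(fixed)


def severity(score):
    """Bucket a CVSS-style base score into the usual triage bands."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def match_vulns(inventory, feed):
    """Map each component to the advisories whose affected range contains its version,
    sorted highest score first so the list doubles as the remediation order."""
    findings = []
    for comp in inventory:
        for adv in feed:
            if adv["name"] != comp["name"]:
                continue
            if not is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                continue
            fix = f"upgrade {comp['name']} to >= {adv['fixed']}" if adv["fixed"] else "no fix available; mitigate"
            findings.append({
                "id": adv["id"], "component": comp["name"], "version": comp["version"],
                "score": adv["score"], "severity": severity(adv["score"]), "remediation": fix,
            })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


def evaluate_policy(inventory, findings, policy):
    """Policy gate: findings at or above the score threshold plus components on a denied licence."""
    violations = [f"{f['id']}: {f['component']} {f['version']} scores {f['score']}"
                  for f in findings if f["score"] >= policy["max_score"]]
    violations += [f"license: {c['name']} {c['version']} uses {c['license']}"
                   for c in inventory if c["license"] in policy["denied_licenses"]]
    return violations


def new_findings(inventory, old_feed, new_feed):
    """Continuous monitoring: advisory IDs that affect the unchanged inventory now but did not before."""
    before = {f["id"] for f in match_vulns(inventory, old_feed)}
    after = {f["id"] for f in match_vulns(inventory, new_feed)}
    return sorted(after - before)


if __name__ == "__main__":
    findings = match_vulns(INVENTORY, FEED_V1)
    for f in findings:
        print(f["severity"].upper(), f["id"], f["component"], f["version"], "->", f["remediation"])
    for v in evaluate_policy(INVENTORY, findings, POLICY):
        print("POLICY VIOLATION:", v)
    print("new since last scan:", new_findings(INVENTORY, FEED_V1, FEED_V2))
```

The part worth noticing is that `new_findings` re-matches the stored inventory against the updated feed rather than rescanning source: that is what lets an SCA tool alert on a vulnerability published months after the last build. Real tools also have to cope with non-numeric version schemes, components identified by file hash rather than manifest entry, and transitive dependencies; none of that is modelled here.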