Black Duck Software, a global leader in providing solutions for securing and managing open source software, today announced the availability of Black Duck Hub 2.2, including new, extended open source security vulnerability intelligence, providing vulnerability data beyond what is offered in the National Vulnerability Database (NVD).
VulnDB, a new vulnerability data source embedded in Black Duck’s Hub 2.2 product release, alerts customers to newly reported vulnerabilities sooner than NVD, on average three weeks sooner in 2015.
Reporting on 38 percent more vulnerabilities than NVD, VulnDB provides more comprehensive detail on each vulnerability, recommends use of the open source software version that is free of known vulnerabilities and advises on remediation steps. Customers can protect their applications from attackers by proactively identifying where known vulnerabilities exist in their open source code within days of a vulnerability being publicly reported.
“Finding open source vulnerabilities in our NFV orchestration software products manually is a burdensome process. Manual testing often yields incomplete lists requiring additional time and effort to secure software releases. With the Black Duck Hub and its VulnDB, our software team can quickly extrapolate vulnerability points and identify safe open source components. Overture can hold the line and release products quickly and securely with the Black Duck Hub,” said Richard Jenny, Director, Engineering Program Management & DevOps at Overture Networks.
With this release, the Black Duck Hub also adds support for additional programming languages, now identifying known vulnerabilities for Java, C, C++, C#, RubyGems, NuGet, JavaScript and Scala. Further, the Black Duck Hub continuously monitors for new vulnerabilities reported against open source software already in use.
Try the 14-day trial of the Black Duck Hub.