Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the Black Duck Hub and details of its partnership with Risk Based Security, an internationally recognized leader in vulnerability intelligence, data breach analytics, risk management services, and on-demand security solutions. Black Duck helps security and development teams identify and mitigate risks across application portfolios. Leveraging new vulnerability intelligence provided by Risk Based Security, the Black Duck Hub helps customers identify issues faster, prioritize remediation activity, and implement proactive controls to avoid the use of vulnerable components.
Newly discovered vulnerabilities are made public through thousands of online resources. Extending the commonly used National Vulnerability Database (NVD), Black Duck will embed the Risk Based Security VulnDB within the Black Duck Hub to provide customers with additional vulnerability intelligence. The VulnDB yields actionable intelligence on more than 119,000 vulnerabilities – an additional 35,000 vulnerabilities that are not covered in the NVD. Risk Based Security’s broad and timely coverage of all newly discovered vulnerabilities, specifically those in third-party libraries, coupled with Black Duck’s intelligent open source management solutions, enables customers to proactively take control of software and application security.
“Identifying and tracking open source vulnerabilities is a critical component of managing security in today’s enterprises,” said Jake Kouns, CISO of Risk Based Security. “Public vulnerability resources are incomplete and often lag in reporting many of the most important issues; that’s why we focused on providing more timely and detailed information through our VulnDB service. VulnDB provides the in-depth vulnerability intelligence organizations need in order to address third party code usage, and we are excited to partner with Black Duck to deliver this critical data seamlessly for the first time through the Black Duck Hub.”
“Staying on top of the ongoing flow of newly identified security vulnerabilities associated with the use of open source requires both an accurate view of what open source is in use within an organization and the ability to automatically map industry leading vulnerability intelligence data,” said Bill Ledingham, EVP and CTO of Black Duck Software. “We’ve been impressed with the breadth, depth, and timeliness of vulnerability information that Risk Based Security is able to provide and are excited to be able to offer this increased vulnerability coverage to Black Duck Hub customers.”
For more information on the Black Duck Hub, visit: www.blackducksoftware.com/products/black-duck-hub.