Black Duck cooks up extra security sauce

Black Duck has created a Centre for Open Source Research & Innovation (COSRI) at its Massachusetts headquarters. The firm is a specialist in ‘automated’ software for securing and managing open source.

Europe-based Black Duck Security Research analyses security issues and attack patterns in open source software to provide what it calls ‘actionable information’ on vulnerabilities, corrective actions to reduce risk… and strategies for using open source effectively.

The firm’s Vancouver-based group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.

Black Duck CEO Lou Shipley has explained that through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analysing results of applications audited by the company’s on-demand business as part of M&A activities.

The firm published a report earlier this year highlighting the challenges organisations face in securing and managing their open source. One OSSA finding was that 67 per cent of the applications contained security vulnerabilities in open source components.

Shipley said the research teams’ work will also add to and enhance Black Duck’s KnowledgeBase™, a repository and database of open source software, associated licenses and information including known security vulnerabilities.