Black Duck in HPE: new recipe for oven-ready vulnerability crispiness

Black Duck exists to make open source code usage safer. The firm’s software is built to help deal with the fact that many firms today use a mix of custom and open source code. It detects, prioritises and fixes known open source vulnerabilities.

HP has now integrated Black Duck’s core ‘hub’ solution into its HPE Security Fortify Software Security Center (SSC).

“Use of open source has increased dramatically in the last five years — it can comprise 50 percent or more of a large organisation’s code base,” said Lou Shipley, Black Duck CEO.

In response, HPE security veep Jason Schmitt presented an appropriately banal corporate platitude without detailing real application vulnerabilities and open source implementation concerns.

What the software actually does

Actual features in the Black Duck Hub and HPE Security Fortify integration include a deep discovery function for rapid scanning and identification of open source libraries, versions, license and community activity.

This intelligence is powered by the Black Duck KnowledgeBase, an open source database with information on more than 1.5 million open source projects and 76,000+ known open source vulnerabilities.

Black Duck also brings tools to create an inventory of all open source in use and map it to known security vulnerabilities. It also provides open source vulnerability remediation prioritisation, mitigation guidance and automated policy management.

Nom, nom, nom… crispy duck, pass the plum sauce, but scan it for remediation prioritisation first please. Image Credit: ShortList