Black Duck Software Releases Major Update to KnowledgeBase, Industry’s Most Extensive Database of Open Source Code Components

Adds more than 100,000 open source project versions and information on 3,417 security vulnerabilities, including issue that affected Google Chrome browser

WALTHAM, Mass., September 16, 2008—Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software, today announced a substantial upgrade to the Black Duck™ KnowledgeBase. The KnowledgeBase includes information about downloadable and open source software components from more than 3,700 web sites and  from over 1,000 vendors. Component information includes over 32,000 security vulnerabilities, more than 7,000 encryption libraries and algorithms, as well as information on over 1,400 open source and proprietary software licenses. The detailed and comprehensive nature of the KnowledgeBase makes it a core open source software development and lifecycle management asset to Black Duck customers in software development, embedded technology, SaaS or hosted applications, financial services and other industries.

Black Duck continuously updates the KnowledgeBase with information about known security vulnerabilities within open source code. For example, the vulnerability recently discovered in Google’s Chrome web browser has been in the Black Duck KnowledgeBase since shortly after the original security alert in June 2008. Developers can rely on Black Duck products powered by the KnowledgeBase to avoid using versions of open source components that have known vulnerabilities and to identify components in their existing code base that need to be updated or patched. In recent weeks, open source developers have rapidly created fixes for high-severity security vulnerabilities affecting the iPod Touch™ (WebKit), NetBSD®, KAME, XRMS, AWStats and many others.

“When software developers use Black Duck Code Center to search for software source code or components to use, they’re able to search the KnowledgeBase and quickly spot potential licensing issues and outstanding security vulnerabilities,” said Bill McQuaide, executive vice president of products and services at Black Duck Software. “Open source has significant tangible benefits for development organizations, but it needs to be managed properly. Problems such as the vulnerability discovered by Google after it released the beta version of the Chrome browser can easily be avoided when you have information at your fingertips.”

Black Duck continuously builds on the KnowledgeBase and draws upon the U.S. government’s National Vulnerability Database for up-to-date information on security flaws in open source software. More information on the Black Duck KnowledgeBase and the company’s suite of related products is available at http://www.blackducksoftware.com/.

About Black Duck Software

Black Duck Software is the leading global provider of products and services for accelerating software development through the managed use of open source and third-party code. Black Duck™ enables companies to shorten time-to-market and reduce development and maintenance costs while mitigating the risks and challenges associated with open source reuse, including hidden license obligations, security vulnerabilities, unsupported open source and version proliferation. The company is headquartered near Boston and has offices in San Francisco, Amsterdam and Hong Kong, as well as distribution partners throughout the world. For more information, visit www.blackducksoftware.com.

# # #

Black Duck, Know Your Code and the Black Duck logo are registered trademarks of Black Duck Software, Inc. in the United States and other jurisdictions. Koders is a trademark of Black Duck Software, Inc. All other trademarks are the property of their respective holders.

Press Contacts