The National Vulnerability Database (NVD) is a national resource that tracks vulnerability data for commonly used operating systems and applications, including open source software. It is the dynamic result of continuous collaboration between the software industry and the multi-agency Information Security Automation Program.
As the NVD website (http://nvd.nist.gov/) explains, “NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).”
Black Duck™ Code Center uses data from the NVD to alert organizations to potential security vulnerabilities and issues within their code components. During component selection, Black Duck Code Center makes NVD data available for review so that developers can make an informed decision about component usage. Black Duck Code Center also alerts developers to any new vulnerability data available for components in use.
How can you find more information?
For additional information about Black Duck Software Code Center, our company offers the following resources:
- Use Case - Creating a Culture for Code Reuse: Boosting Development Productivity by Leveraging Third Party Software