Track Security Vulnerabilities
Protecting the integrity of software products, applications and services built with open source software (OSS) is a critical task. Manual methods of tracking security vulnerabilities are prone to error and often inadequate when hundreds of open source components are selected and combined. Black Duck automates this tracking process by providing real-time security alerts so developers can assess whether they want to integrate a particular open source component into their project.
Black Duck® Code Center™ leverages data from the National Vulnerability Database (NVD) to alert you to potential security vulnerabilities and issues. During component selection, Code Center allows you to review NVD data so that your developers can make better, more informed decisions.
The NVD is a resource that tracks vulnerability data for commonly used operating systems, applications and software components, including OSS. It is the result of continuous collaboration between the software industry and the multi-agency Information Security Automation Program (ISAP). NVD is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
To learn more about how Code Center can help your organization maximize the power of open source, contact us at info@blackducksoftware.com.