Black Duck Software and Risk Based Security Partner to Launch the Black Duck Hub to Address Security Vulnerabilities

Partnership combines powerful open source discovery with greater vulnerability intelligence to ensure open source security

Burlington, MA – April 7, 2015 – Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the Black Duck Hub and details of its partnership with Risk Based Security, an internationally recognized leader in vulnerability intelligence, data breach analytics, risk management services, and on-demand security solutions. Black Duck helps security and development teams identify and mitigate risks across application portfolios. Leveraging new vulnerability intelligence provided by Risk Based Security, the Black Duck Hub helps customers identify issues faster, prioritize remediation activity, and implement proactive controls to avoid the use of vulnerable components.

Newly discovered vulnerabilities are made public through thousands of online resources. Extending the commonly used National Vulnerability Database (NVD), Black Duck will embed the Risk Based Security VulnDB within the Black Duck Hub to provide customers additional vulnerability intelligence. The VulnDB yields actionable intelligence on more than 119,000 vulnerabilities – an additional 35,000 vulnerabilities that are not covered in the NVD. Risk Based Security’s broad and timely coverage of all newly discovered vulnerabilities, specifically in third-party libraries, coupled with Black Duck’s intelligent open source management solutions, enables customers to proactively take control of software and application security.

“Identifying and tracking open source vulnerabilities is a critical component of managing security in today’s enterprises,” said Jake Kouns, CISO of Risk Based Security. “Public vulnerability resources are incomplete and often lag in reporting many of the most important issues; that’s why we focused on providing more timely and detailed information through our VulnDB service. VulnDB provides the in-depth vulnerability intelligence organizations need to address third party code usage, and we are excited to partner with Black Duck to deliver this critical data seamlessly for the first time through the Black Duck Hub.”

“Staying on top of the ongoing flow of newly identified security vulnerabilities associated with the use of open source requires both an accurate view of what open source is in use within an organization and the ability to automatically map industry leading vulnerability intelligence data,” said Bill Ledingham, CTO and EVP Engineering, Black Duck Software. “We’ve been impressed with the breadth, depth, and timeliness of vulnerability information that Risk Based Security is able to provide and are excited to be able to offer this increased vulnerability coverage to Black Duck Hub customers.”

For more information on the Black Duck Hub, visit:

About Black Duck Software
Black Duck Software, headquartered in Boston, is an OSS Logistics solution provider that enables companies to optimize adoption of open source while securely managing the use of open source code. It helps customers identify open source used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation. Black Duck connects developers to comprehensive open source software (OSS) resources through The Black Duck Open Hub and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck has offices in San Mateo, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul, and Beijing. For more information, visit and follow @black_duck_sw.

About Risk Based Security, Inc.
Risk Based Security is an internationally recognized leader in vulnerability intelligence, data breach analytics, risk management services, and on-demand security solutions. RBS’ Cyber Risk Analytics and risk intelligence services assist organizations with collecting and analyzing the most current information in order to prioritize mitigation actions in the ever-increasing threat landscape. RBS has developed VulnDB for comprehensive vulnerability intelligence and third-party library monitoring and tracking; it is the largest and most comprehensive vulnerability database available. The RBS team comprises industry veterans who founded and maintain the OSVDB project, and it is a member of the CVE Editorial Board and FIRST VRDX-SIG. RBS has been recognized for its vulnerability expertise for well over a decade and has been responsible for discovering vulnerabilities in high-profile products from various vendors such as Microsoft, Adobe, Symantec, IBM, Apple, SAP, Google, Trend Micro, Novell and several others. For more information, please visit or call 855-RBS-RISK.

Media Contact:
Casey Cardinal
Black Duck Software