Black Duck Software Announces Industry’s Most Comprehensive Security Solution to Identify and Remediate Vulnerabilities

The Black Duck Hub combines open source discovery and vulnerability intelligence to help security and development teams remediate risk

Burlington, MA – April 7, 2015 – Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the industry’s most comprehensive open source security solution that helps security and development teams find and remediate open source vulnerabilities, the Black Duck Hub. The Black Duck Hub helps customers identify open source used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation.

On average, more than 30 percent of software deployed in most enterprises is open source software (OSS); however, few organizations have visibility into what open source is used and where. With more than 4,000 new open source vulnerabilities reported each year, understanding what open source is used within an organization is critical. Thousands of unknown open source vulnerabilities go unnoticed within a typical enterprise. The Black Duck Hub identifies open source usage, maps known open source vulnerabilities, and tracks remediation efforts. The Black Duck Hub leverages Black Duck’s KnowledgeBase of license and vulnerability data, the most comprehensive source of language coverage in the industry.

“As the leading provider of financial reporting and risk solutions, AxiomSL is committed to ensuring the elimination of possible security vulnerabilities through our software. While we continue to utilize a suite of world-class security software solutions, we always strive to be on the cutting-edge of available and emerging technologies,” said Igor Lekht, SVP, AxiomSL. “For this reason, we selected Black Duck, a leading provider of open source security solutions, to bolster our existing arsenal of advanced security software by helping to further mitigate known open source security risks by monitoring for potential future vulnerabilities.”

The Black Duck Hub runs as part of the build process, automatically discovering and identifying open source as it enters the code stream and flagging open source libraries that have known vulnerabilities. Vulnerability details are used to assess application and portfolio risk, in addition to open source license and community activity risk. Remediation scheduling and tracking enable security professionals to ensure critical vulnerabilities are remediated.

“Most companies do not have an automated mechanism to identify new open source as it enters a code base. Moreover, they are unable to determine the actual risk and impact from vulnerabilities. Without this knowledge, companies have no way to triage and track vulnerability remediation efforts over time,” said Bill Ledingham, CTO and EVP Engineering, Black Duck Software. “The Black Duck Hub helps security and development teams identify and mitigate open source related risks across an application portfolio. The product’s ability to automatically detect and identify open source, and map known security vulnerabilities, helps organizations assess risk, prioritize issues, and track remediation. We are also providing extensive language coverage and dev-tools integration to embed open source controls throughout the software development life cycle.”

Companies that benefit from the Black Duck Hub are security professionals and development teams looking for a rapid solution to understand open source software usage and mitigate open source security risk. For more information, visit Black Duck also announced details of its partnership with Risk Based Security today.

About Black Duck Software
Black Duck Software is the leading OSS Logistics solution provider, enabling enterprises of every size to securely manage open source code and optimize the opportunities that come with open source adoption and management. As part of the greater open source community, Black Duck connects developers to comprehensive open source software (OSS) resources through The Black Duck Open Hub (formerly Ohloh) and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck is headquartered in Boston and has offices in San Mateo, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul, and Beijing. For more information about how to leverage open source to deliver faster innovation, greater creativity, and improved efficiency, visit and follow the company at @black_duck_sw.

Media Contact:
Casey Cardinal
Black Duck Software