Black Duck Announces Creation of Global Center for Open Source Research & Innovation

Growing reliance on open source for application development underscores the need for more
cutting-edge research – particularly in security

BURLINGTON, MA Aug 2, 2016 – Black Duck, a leader in automated solutions for securing and managing open source software, today announced it has created a Center for Open Source Research & Innovation (COSRI), noting that increasing reliance on open source for application development underscores the need for continuing investment in research.

“Open source is the way today’s applications are developed and we expect worldwide adoption will continue to accelerate because of the compelling economic and productivity benefits open source provides. Over the next decade, more cutting-edge research, innovation, information and education – particularly related to open source security – are needed to ensure the open source ecosystem remains vibrant. We will be a leader in that effort,” said Black Duck CEO Lou Shipley.

COSRI will be based at Black Duck’s Massachusetts headquarters and Shipley said the two new Black Duck research groups in Canada and Europe will play major roles in its initiatives.

Europe-based Black Duck Security Research analyzes security issues and attack patterns in open source software to provide customers with actionable information on vulnerabilities, corrective actions to reduce risk, and strategies for using open source effectively. The Vancouver, Canada group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.

“Both groups will be sources of valuable research and reports throughout the year. Their work will help us innovate and improve our open source security and management solutions and a great deal of what they do will also be shared for the benefit of the open source community,” said Shipley.

Through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analyzing results of applications audited by the company’s On-Demand business as part of M&A activities. Black Duck published a revealing report earlier this year highlighting the challenges organizations face in securing and managing their open source. One eye-opening OSSA finding was that 67 percent of the applications contained security vulnerabilities in open source components.

Shipley said the research teams’ work will also add to and enhance Black Duck’s KnowledgeBase™, the world’s most complete, current and accurate repository and database of open source software, associated licenses and other critical information, including known security vulnerabilities. “The KnowledgeBase is the foundation for our products and we’ve been building it for more than a decade. That work will continue uninterrupted as a component of COSRI,” he said.

Black Duck’s Open Hub, its online community and public directory of free and open source software (FOSS), will also be part of COSRI. Open Hub offers analytics and search services for discovering, evaluating, tracking and comparing open source code and projects.

“To continue to grow and thrive, open source needs an active community. Our investment in Open Hub will continue as we include it under the COSRI umbrella,” Shipley said.

About Black Duck

Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit

Media Contacts
Black Duck
Brian Carter
Director of Strategic Communications

PAN Communications
Michael O’Connell and Lisa Sorrentino