Center for Open Source Research & Innovation

Center for Open Source Research and Innovation

Open source is the way today’s applications are developed and adoption continues to accelerate because of the compelling economic and productivity benefits open source provides.

Over the next decade and beyond, COSRI's cutting-edge research, innovation, information and education – particularly related to open source security – will help ensure the open source ecosystem remains vibrant.

COSRI is based at Black Duck’s Massachusetts headquarters and two Black Duck research groups in Canada and Europe play major roles in its initiatives.

COSRI comprises five components.

Europe-based Black Duck Security Research analyzes security issues and attack patterns in open source software to provide customers with actionable and meaningful security context on vulnerabilities, corrective actions to reduce risk, and strategies for using open source effectively.

The Vancouver Research Group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering. The goal is to help our customers and partners worldwide consume open source software and services in a more compliant, secure and reliable way. Learn more.

Open Source Security Audit (OSSA) reports analyze results of applications audited by Black Duck's On-Demand business as part of M&A activities. A 2016 report on Black Duck Open Source Security Audits of 200 commercial applications revealed some disturbing gaps in open source management. Read a report.

Black Duck’s KnowledgeBase™ is the world’s most complete, current and accurate repository and database of open source software, associated licenses and other critical information, including known security vulnerabilities. It contains open source code from thousands of internet sites, from general-purpose repositories (e.g., github.com, SourceForge.net, Savannah.gnu.org) to vertically and functionally-oriented repositories (e.g., Java.net, bioperl.org, horde.org), to single-project sites (e.g., Asterisk.org). Combined with a sophisticated matching algorithm, this comprehensive coverage of open source enables the industry’s most precise and thorough code scans, identifications and analysis.

Black Duck’s Open Hub, its online community and public directory of free and open source software (FOSS), is also part of COSRI. Open Hub offers analytics and search services for discovering, evaluating, tracking and comparing open source code and projects. Learn more about Open Hub.