"We knew that the key to success would be developer adoption, and that adoption would be dependent upon how easily the new tools and processes fit into our DevOps pipelines."

“We have over a hundred products, with each of those products themselves having hundreds to thousands of different open source components. A decade ago, we had little concept of identifying and understanding open source security vulnerabilities in our BOM. The move to Black Duck was to address our not knowing …

"We can get results from all the tools we use consolidated into one place, and get the results filtered down to only the information we need."

"The real game-changer for us in choosing Black Duck was how it allowed us to not only look into our code base and establish a clean bill of materials, including all OSS components, but also that it allowed us to encourage and support greater use of open source in current …

"We engaged Black Duck audit services to do some open source scans of three codebases, to give us some confidence through the purchasing process of what exposures there might be from an open source risk perspective."

"SFR chose Seeker to help prevent code vulnerabilities of web applications and obtain real-time results for quick remediation."

“With Black Duck, monitoring of third-party vulnerabilities is a required Trend Micro policy in order to release a product. Our product teams must perform Black Duck scans regularly and address discovered vulnerabilities in compliance with corporate policy. Our policy requires that all high or critical vulnerabilities with a CVSS score …

"Avira believes security is a right, not a privilege."

“From being concerned that Coverity would slow development or flood us with false positives, we think of Coverity as if it were a member of the software team.”

“We selected Black Duck because of its KnowledgeBase of open source software. The maintenance of that KnowledgeBase was more robust than other solutions considered.”

"Automating the search and selection of OSS with Black Duck gives us the tools we need to put customers at ease."

“Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development."

“It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing …

"When we built our business case for bringing in Black Duck, our internal information security group was a co-sponsor of the effort. This group now has a significantly easier way to determine which artifacts and versions are affected by any security vulnerability and which applications are impacted as a result. …

“A human only gets involved in the event of an exception. This saves a lot of time. For us, the main thing is to get out of development’s way. The old system really slowed down development, but with Black Duck, they don’t have to worry about filling out spreadsheets. Plus …