“We have over a hundred products, with each of those products themselves having hundreds to thousands of different open source components. A decade ago, we had little concept of identifying and understanding open source security vulnerabilities in our BOM. The move to Black Duck was to address our not knowing about open source security issues. We recognized that we needed a solution to ensure we were tracking and managing open source and commercial components as part of our overall software security initiative.”
“We really want to push the envelope of security. Working with Synopsys helped us move closer to that goal.”
“Security is a requisite in the FinTech space. Synopsys’ application validation program leverages Synopsys’ security testing technology and expertise to ensure that applications published on the FusionFabric.cloud platform are designed, developed, and deployed with the highest standards for security.”
“ADP has successfully used Black Duck for audits for many years, but recently they outdid themselves. Due to internal issues, we called at noon one day asking for what we thought was the impossible, a next day delivery. Amazingly, Black Duck made it possible and had auditors work all night in order to deliver a report by 11 am the next morning. It’s really important for us to have a partner that can bail us out in such a pinch.”
“We commissioned Synopsys consultants to help us develop an application security test orchestration solution that looks at the significance of code changes our developers make and the risk profile of the application they’re working on. In essence, we wanted to build an automated traffic cop to direct our security activities. What we now call Intelligent Orchestration moves those activities in the right direction without causing traffic snarls.”
“Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development.”
“It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing risks, because that can discourage the use of OSS. While developer support is essential, if you can also involve marketing, sales, and call center agents in training activities, you can propel OSS governance.”
“We selected Black Duck because of its KnowledgeBase of open source software. The maintenance of that KnowledgeBase was more robust than other solutions considered.”
“Project managers can set policies for any given project and open Hub to get a full report on open source in use.”
“We wanted to clearly demonstrate that our solutions have been rigorously tested to protect our customer’s products and applications.”
“Automating the search and selection of OSS with Black Duck gives us the tools we need to put customers at ease.”
“Implementing Black Duck has given us a single tool to manage and mitigate vulnerabilities, allowing our development, operations, and security teams to see the status of our deployments. The product is easy and straightforward to use, and we’d recommend Black Duck to anyone looking into an SCA solution.”
“Black Duck security experts have been highly responsive and provide us with high-quality subject matter expertise that helps us remediate and mitigate vulnerabilities accurately and efficiently.”
“Our customers are some of the most well-known companies in the technology industry, and their combined expectations and the critical nature of the software that we provide for key management systems and hardware security modules mean that we must use every possible tool that is available to improve code quality, security, and stability.”
“From being concerned that Coverity would slow development or flood us with false positives, we think of Coverity as if it were a member of the software team.”