“Our customers are some of the most well-known companies in the technology industry, and their combined expectations, and the critical nature of the software that we provide for key management systems and hardware security modules, means that we must use every possible tool that is available to improve code quality, …

"Coverity is a cornerstone in building secure C code as part of our security development lifecycle."

“All of our core products are using Code Center. About three years ago, we began to use Black Duck SCA when building the CI/CD process for our JDA Luminate product line, newly developed, SaaS-native products. Our goal is full migration to Black Duck SCA by the beginning of 2020.”

“It was quickly established that Black Duck, as recommended by GENIVI, was indeed the best solution for the job.”

"We connected with Black Duck several months before our IPO because our investors, our board and our management team felt it was important – critical, in fact – to understand the health of our source code in terms of security, quality and licensing."

“We have over a hundred products, with each of those products themselves having hundreds to thousands of different open source components. A decade ago, we had little concept of identifying and understanding open source security vulnerabilities in our BOM. The move to Black Duck was to address our not knowing …

We took the path of looking into tools to improve code quality and security as early as possible in the development lifecycle."

"Black Duck stands in a class of its own. From a return on investment standpoint, given the breadth of information we receive from the system and the ease of use, versus our expenditure, we find it to be a great investment. Life for us would be very difficult without Black …

"What Black Duck does is put a light on open source code problems prior to release of a new version of our product. It’s helped us correct issues, plus ensure we don’t have similar issues in the future."

“This is due to many reasons: limited resources and time, concerns that something may break, or in some cases, admins don’t even know that a critical patch is available. That’s why ZPE takes on the responsibility for customers. They’re assured that the systems running their infrastructure are running the latest, …

“Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development."

“It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing …

"Black Duck has become a standard part of our due diligence when we buy a software company."

"Having a tool that lets us look at our code and look at what issues could be introduced enables us to be a lot more informed and have a higher degree of confidence that when we release software we’re not introducing additional risks."

“With Black Duck, monitoring of third-party vulnerabilities is a required Trend Micro policy in order to release a product. Our product teams must perform Black Duck scans regularly and address discovered vulnerabilities in compliance with corporate policy. Our policy requires that all high or critical vulnerabilities with a CVSS score …