"We really want to push the envelope of security. Working with Synopsys helped us move closer to that goal."

“We click one button to set up a CI plan, and it pulls in everything from Black Duck, Defensics, Coverity, and our other security analysis tools, and they automatically get plugged in and start generating reports and scans, and if a bug needs to be fixed, it gets into our …

“It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing …

“Identifying open source components and the different licensing types associated with the underlying source code was vital so that we could understand what risks and obligations potentially existed for us.”

"What Black Duck does is put a light on open source code problems prior to release of a new version of our product. It’s helped us correct issues, plus ensure we don’t have similar issues in the future."

"ADP has successfully used Black Duck for audits for many years, but recently they outdid themselves. Due to internal issues, we called at noon one day asking for what we thought was the impossible, a next day delivery. Amazingly, Black Duck made it possible and had auditors work all night …

“With Synopsys Coverity and Black Duck solutions, we were able to achieve our safety and quality standard certifications.”

“Security is a requisite in the FinTech space, Synopsys’ application validation program leverages Synopsys’ security testing technology and expertise to ensure that applications published on the FusionFabric.cloud platform are designed, developed, and deployed with the highest standards for security.”

“With Black Duck, monitoring of third-party vulnerabilities is a required Trend Micro policy in order to release a product. Our product teams must perform Black Duck scans regularly and address discovered vulnerabilities in compliance with corporate policy. Our policy requires that all high or critical vulnerabilities with a CVSS score …

"Avira believes security is a right, not a privilege."

“Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development."

"When we built our business case for bringing in Black Duck, our internal information security group was a co-sponsor of the effort. This group now has a significantly easier way to determine which artifacts and versions are affected by any security vulnerability and which applications are impacted as a result. …

“A human only gets involved in the event of an exception. This saves a lot of time. For us, the main thing is to get out of development’s way. The old system really slowed down development, but with Black Duck, they don’t have to worry about filling out spreadsheets. Plus …

“Implementing Black Duck has given us a single tool to manage and mitigate vulnerabilities, allowing our development, operations, and security teams to see the status of our deployments, The product is easy and straightforward to use, and we’d recommend Black Duck to anyone looking into an SCA solution.”

“Essentially, from a technical standpoint, Black Duck met Entersekt’s checklist of what we needed in an open source vulnerability management solution better than any other vendor. The responsiveness and support from both its customer success and technical support teams also led us to make the business decision to select Black …