55 Black Duck Testimonials

  • "We really want to push the envelope of security. Working with Synopsys helped us move closer to that goal."

  • "Black Duck has helped us understand our overall security status, and find and fill security holes."

  • "Coverity is a cornerstone in building secure C code as part of our security development lifecycle."

  • "We knew that the key to success would be developer adoption, and that adoption would be dependent upon how easily the new tools and processes fit into our DevOps pipelines."

  • “Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development.”

  • “It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing risks, because that can discourage the use of OSS. While developer support is essential, if you can also involve marketing, sales, and call center agents in training activities, you can propel OSS governance.”

  • “This is due to many reasons: limited resources and time, concerns that something may break, or in some cases, admins don’t even know that a critical patch is available. That’s why ZPE takes on the responsibility for customers. They’re assured that the systems running their infrastructure are running the latest, most secure software. And if a patch fails, our built-in undo button reverts to a safe configuration before any damage can be done.”

  • “Identifying open source components and the different licensing types associated with the underlying source code was vital so that we could understand what risks and obligations potentially existed for us.”

  • "We engaged Black Duck audit services to do some open source scans of three codebases, to give us some confidence through the purchasing process of what exposures there might be from an open source risk perspective."

  • "Avira believes security is a right, not a privilege."

  • "Black Duck security experts have been highly responsive and provide us with high-quality subject matter expertise that helps us remediate and mitigate vulnerabilities accurately and efficiently."

  • "Black Duck stands in a class of its own. From a return on investment standpoint, given the breadth of information we receive from the system and the ease of use, versus our expenditure, we find it to be a great investment. Life for us would be very difficult without Black Duck."

  • “We have over a hundred products, with each of those products themselves having hundreds to thousands of different open source components. A decade ago, we had little concept of identifying and understanding open source security vulnerabilities in our BOM. The move to Black Duck was to address our not knowing about open source security issues. We recognized that we needed a solution to ensure we were tracking and managing open source and commercial components as part of our overall software security initiative.”

  • “All of our core products are using Code Center. About three years ago, we began to use Black Duck SCA when building the CI/CD process for our JDA Luminate product line, newly developed, SaaS-native products. Our goal is full migration to Black Duck SCA by the beginning of 2020.”

  • “Black Duck confirmed our third-party software validation practices. Softegrity SpA, a Synopsys Software Integrity reseller partner, helped to support the relationship between Dextra Technology and Black Duck for this process. With Black Duck and Softegrity, we have partners that we can use to continue strengthening our internal toolchain so that we maintain a high standard of source quality, avoiding potential risks.”