55 Black Duck Testimonials

  • “We wanted a solution that could seamlessly integrate with our technology stack, was easy to use, and provided relevant feedback on mitigating any threats found in the open source used in our code, and we wanted that to happen as early as possible in the development cycle.”

  • “Identifying open source components and the different licensing types associated with the underlying source code was vital so that we could understand what risks and obligations potentially existed for us.”

  • “With Black Duck, monitoring of third-party vulnerabilities is a required Trend Micro policy in order to release a product. Our product teams must perform Black Duck scans regularly and address discovered vulnerabilities in compliance with corporate policy. Our policy requires that all high or critical vulnerabilities with a CVSS score …

  • "Avira believes security is a right, not a privilege."

  • "What Black Duck does is put a light on open source code problems prior to release of a new version of our product. It’s helped us correct issues, plus ensure we don’t have similar issues in the future."

  • "At day’s end, we have assurance that there’s no red flags or potential issues—that’s the value of Black Duck audits."

  • "We really want to push the envelope of security. Working with Synopsys helped us move closer to that goal."

  • “We would recommend Synopsys as a provider of a comprehensive set of holistic, complementary AppSec solutions, backed by a pool of sharp consultants who understand globally the industries they work with, as well as an organization’s unique processes. For a B2B global organization like MEGA, it’s a must.”

  • "Having a tool that lets us look at our code and look at what issues could be introduced enables us to be a lot more informed and have a higher degree of confidence that when we release software we’re not introducing additional risks."

  • “Project managers can set policies for any given project and open Hub to get a full report on open source in use.”

  • “From being concerned that Coverity would slow development or flood us with false positives, we think of Coverity as if it were a member of the software team.”

  • "Within six months of Black Duck onboarding, we were able to increase our PCI compliance from 40% to 100%."

  • "Automating the search and selection of OSS with Black Duck gives us the tools we need to put customers at ease."

  • "Without clear visibility into present risks, the development of requirements wasn’t progressing."

  • “We have over a hundred products, with each of those products themselves having hundreds to thousands of different open source components. A decade ago, we had little concept of identifying and understanding open source security vulnerabilities in our BOM. The move to Black Duck was to address our not knowing …