“Identifying open source components and the different licensing types associated with the underlying source code was vital so that we could understand what risks and obligations potentially existed for us.”

"Automating the search and selection of OSS with Black Duck gives us the tools we need to put customers at ease."

“With the continuously increasing importance of open source software globally and SAP’s strategy to utilize the benefits that come with open source software, it was necessary for us to scale our open source-related processes through further automation. We conducted an exhaustive search of applications on the market, and the Black …

Black Duck has helped us understand our overall security status, and find and fill security holes."

“Black Duck SCA is still relatively new to us, and we received a lot of help from the Black Duck support team to address some deployment issues we ran into. I’m happy to say Black Duck is now working like clockwork.”

“The Black Duck Hub allows us to catch security vulnerabilities before our code goes out to clients.”

“ClickFox is the only customer journey analytics platform certified on Hadoop. Our product mission is to enable the business analysts of our clients to easily perform complex journey science and enable them to monetize data by gaining a deep understanding of what their customers are experiencing.”

“Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development."

“It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing …

“With Black Duck, monitoring of third-party vulnerabilities is a required Trend Micro policy in order to release a product. Our product teams must perform Black Duck scans regularly and address discovered vulnerabilities in compliance with corporate policy. Our policy requires that all high or critical vulnerabilities with a CVSS score …

“Implementing Black Duck has given us a single tool to manage and mitigate vulnerabilities, allowing our development, operations, and security teams to see the status of our deployments, The product is easy and straightforward to use, and we’d recommend Black Duck to anyone looking into an SCA solution.”

"We knew that the key to success would be developer adoption, and that adoption would be dependent upon how easily the new tools and processes fit into our DevOps pipelines."

"Seeker answered our integrations and automation needs. It provides training and knowledge to its users. Seeker is the perfect tool to help us improve our security practice to build excellent software."

“We commissioned Synopsys consultants to help us develop an application security test orchestration solution that looks at the significance of code changes our developers make and the risk profile of the application they’re working on. In essence, we wanted to build an automated traffic cop to direct our security activities. …

“We have over a hundred products, with each of those products themselves having hundreds to thousands of different open source components. A decade ago, we had little concept of identifying and understanding open source security vulnerabilities in our BOM. The move to Black Duck was to address our not knowing …