“We click one button to set up a CI plan, and it pulls in everything from Black Duck, Defensics, Coverity, and our other security analysis tools, and they automatically get plugged in and start generating reports and scans, and if a bug needs to be fixed, it gets into our bug management system right away.”
“With Black Duck, monitoring of third-party vulnerabilities is a required Trend Micro policy in order to release a product. Our product teams must perform Black Duck scans regularly and address discovered vulnerabilities in compliance with corporate policy. Our policy requires that all high or critical vulnerabilities with a CVSS score of seven or higher must be fixed.”
“It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing risks, because that can discourage the use of OSS. While developer support is essential, if you can also involve marketing, sales, and call center agents in training activities, you can propel OSS governance.”
"Avira believes security is a right, not a privilege."
"Black Duck stands in a class of its own. From a return on investment standpoint, given the breadth of information we receive from the system and the ease of use, versus our expenditure, we find it to be a great investment. Life for us would be very difficult without Black Duck."
"In light of this, OPPO strives to strengthen our technological capabilities in security and privacy protection, thus enhancing user experience. Through leveraging intelligence and interconnected scenarios, we are able to strengthen our competitiveness in security and gain users' trust. This will also ensure that OPPO has sustainable developments. [That's why] we implemented the [Building Security in Maturity Model] (BSIMM) security assessment offered by Black Duck®."
"We engaged Black Duck audit services to do some open source scans of three codebases, to give us some confidence through the purchasing process of what exposures there might be from an open source risk perspective."
"We really want to push the envelope of security. Working with Synopsys helped us move closer to that goal."
“We commissioned Synopsys consultants to help us develop an application security test orchestration solution that looks at the significance of code changes our developers make and the risk profile of the application they’re working on. In essence, we wanted to build an automated traffic cop to direct our security activities. What we now call Intelligent Orchestration moves those activities in the right direction without causing traffic snarls.”
"Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development."
"At day's end, we have assurance that there are no red flags or potential issues—that's the value of Black Duck audits."
“Black Duck was the only solution that provided everything we wanted. Black Duck analysis speeds are very fast, and vulnerability information is distributed quickly.”
"Within six months of Black Duck onboarding, we were able to increase our PCI compliance from 40% to 100%."
"The real game-changer for us in choosing Black Duck was how it allowed us to not only look into our code base and establish a clean bill of materials, including all OSS components, but also that it allowed us to encourage and support greater use of open source in current and future projects."
"SFR chose Seeker to help prevent code vulnerabilities of web applications and obtain real-time results for quick remediation."