55 Black Duck Testimonials

“From being concerned that Coverity would slow development or flood us with false positives, we think of Coverity as if it were a member of the software team.”

"The real game-changer for us in choosing Black Duck was how it allowed us to not only look into our code base and establish a clean bill of materials, including all OSS components, but also that it allowed us to encourage and support greater use of open source in current and future projects."

"Having a tool that lets us look at our code and look at what issues could be introduced enables us to be a lot more informed and have a higher degree of confidence that when we release software we’re not introducing additional risks."

Black Duck has helped us understand our overall security status, and find and fill security holes."

"In light of this, OPPO strives to strengthen our technological capabilities in security and privacy protection, thus enhancing user experience. Through leveraging intelligence and interconnected scenarios, we are able to strengthen our competitiveness in security and gain users’ trust. This will also ensure that OPPO has sustainable developments. [That’s why] we implemented the [Building Security in Maturity Model] (BSIMM) security assessment offered by Black Duck®.”

"Seeker answered our integrations and automation needs. It provides training and knowledge to its users. Seeker is the perfect tool to help us improve our security practice to build excellent software."

“Project managers can set policies for any given project and open Hub to get a full report on open source in use.”

“We commissioned Synopsys consultants to help us develop an application security test orchestration solution that looks at the significance of code changes our developers make and the risk profile of the application they’re working on. In essence, we wanted to build an automated traffic cop to direct our security activities. What we now call Intelligent Orchestration moves those activities in the right direction without causing traffic snarls.”

"We knew that the key to success would be developer adoption, and that adoption would be dependent upon how easily the new tools and processes fit into our DevOps pipelines."

“Identifying open source components and the different licensing types associated with the underlying source code was vital so that we could understand what risks and obligations potentially existed for us.”

"When we built our business case for bringing in Black Duck, our internal information security group was a co-sponsor of the effort. This group now has a significantly easier way to determine which artifacts and versions are affected by any security vulnerability and which applications are impacted as a result. This capability did not exist before, so this is huge."

“A human only gets involved in the event of an exception. This saves a lot of time. For us, the main thing is to get out of development’s way. The old system really slowed down development, but with Black Duck, they don’t have to worry about filling out spreadsheets. Plus the legal team would have to get involved to vet each usage, and they don’t have to do this now. Changing a version doesn’t prompt all this work.”

"What Black Duck does is put a light on open source code problems prior to release of a new version of our product. It’s helped us correct issues, plus ensure we don’t have similar issues in the future."

"We connected with Black Duck several months before our IPO because our investors, our board and our management team felt it was important – critical, in fact – to understand the health of our source code in terms of security, quality and licensing."

"We use open source software in nearly everything we do because it helps us produce higher quality software, better and faster."