Manage Custom and Open Source with HPE Security Integrations

A Case for Comprehensive App Security with HPE Security

Developers don’t limit themselves to one method when building applications. They pull from third-party libraries, build custom code for themselves, and rely heavily on open source. As a proponent of open source, I think it's important to recognize its prevalence in software development today. Black Duck research shows that 95% of all mission-critical applications in the business world contain open source. A recent Forrester Wave on Software Composition Analysis reported that 80% to 90% of code these days is open source. So while custom code may be the mortar that ties an application together, open source components are the bricks that make up the bulk of its structure.

When we talk about application security, the need to secure your open source is clear. Open source vulnerabilities affecting widely used components such as OpenSSL, the Standard C Library, and more recently Samba have made headlines, exposing the need for better management and security of open source components. Black Duck’s 2017 Open Source Security and Risk Analysis report found that there’s a startling deficiency in the management of open source in most organizations. But when you’re building applications using a mix of open source and custom code, you ideally want to be able to track and manage vulnerabilities across both types of code. This can be a challenge, but the good news is that with updated integrations between Black Duck Hub and HPE Security tools, you can do just that.

Learn about the HPE Security Fortify Integration with Black Duck Hub

Integrated Security Management with Hub and HPE Security

With all the tools available to help you — static analysis, dynamic analysis, penetration testing, and open source scans, just to name a few — managing software security can quickly start to seem painful. That’s why Black Duck and HPE have partnered to let you manage your full set of application security needs in one place.

HPE Security Fortify provides enterprise-grade tools to give visibility into the software risk in custom code using static and dynamic testing. Software Security Center (SSC) is their solution for companies who prefer on-premise AppSec management, and Fortify on Demand works in the cloud. Black Duck Hub now integrates with both, giving you the ability to detect, prioritize, and fix open source vulnerabilities alongside your custom code bugs in a single, unified view.

Black Duck Hub Integrates with Software Security Center (SSC) and Fortify on Demand

Black Duck and HPE are excited to team up on this effort. Jason Schmitt, Vice President and General Manager, HPE Security Fortify, Hewlett Packard Enterprise, told us, “Black Duck’s integrations complement our existing secure development and security testing solutions by providing the ability to view the results of open source scanning alongside application security testing results to deliver a more complete and effective approach to managing application security.”

With the power of HPE Security Fortify and Black Duck Hub, you can be sure that you’ll be getting complete visibility into your entire security risk profile. Black Duck is excited to announce the new version of this integration. Check out our new partnership page for more information, or download the integration on GitHub.
