Today, Synopsys completed the acquisition of Black Duck Software, a well-respected, established leader in Software Composition Analysis (SCA), which helps organizations identify open source components in their software and check those components for known security vulnerabilities. The two companies are strategically aligned, with a shared vision of building security and quality into the software development life cycle and across the cyber supply chain. Black Duck will enhance our efforts in the software security market by broadening our product offering and strengthening the Software Integrity Platform.
Software development is undergoing sweeping and rapid change, and one of those changes is the increasing use of Open Source Software (OSS). Analysts report that OSS makes up 60% or more of the code in today’s applications. SCA products enable organizations to identify open source components in their software and check those components for known security vulnerabilities and for license compliance.
Since the creation of the Synopsys Software Integrity Group (SIG), we have been striving to offer a comprehensive, end-to-end portfolio for software security and quality. The acquisition of Black Duck is an important step in this process, giving companies a scalable approach for minimizing software-related business risk, ensuring timely product releases at predictably lower cost, and ensuring internal and external standards compliance.
With the acquisition of Black Duck, the Synopsys Software Integrity portfolio features:
- Static code analysis that addresses security and quality defects with one proven platform that delivers the highest-confidence results in the business
- Fuzz testing tools that work out of the box with more than 250 network protocols and file formats supported
- Software composition analysis tools that can analyze a wide variety of software applications, supporting dozens of languages and binary formats
- A category-defining Interactive Application Security Testing solution
- Deep linking to training modules that provide developers with secure coding best practices directly in their workflow

Managed services and training to guide your software security initiative:
- Use of the Building Security In Maturity Model (BSIMM) framework, which helps customers compare the effectiveness of their software security initiative to the state of the art
- Managed and professional services that help customers implement a software security practice, whatever the maturity level of their development strategy
- Training and e-learning programs that are some of the fastest and most comprehensive ways for a customer’s developers to improve their software security skills
We’d like to give a warm welcome to the employees of Black Duck, and look forward to a bright future working together to add even more value to our customers.