Open Source Insider

Aug 8 2016   8:03AM GMT

Black Duck cooks up extra security sauce

Adrian Bridgwater


Black Duck has created a Centre for Open Source Research & Innovation (COSRI) at its Massachusetts headquarters. The firm is a specialist in ‘automated’ software for securing and managing open source.

Europe-based Black Duck Security Research analyses security issues and attack patterns in open source software to provide what it calls ‘actionable information’ on vulnerabilities, corrective actions to reduce risk… and strategies for using open source effectively.

The firm’s Vancouver-based group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.

Black Duck CEO Lou Shipley has explained that through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analysing results of applications audited by the company’s on-demand business as part of M&A activities.

The firm published a report earlier this year highlighting the challenges organisations face in securing and managing their open source. One OSSA finding was that 67 per cent of the applications contained security vulnerabilities in open source components.

Shipley said the research teams’ work will also add to and enhance Black Duck’s KnowledgeBase™, a repository and database of open source software, associated licenses and information including known security vulnerabilities.

