Cigital, an application security specialist, is working with Black Duck Software, the specialist in locating, securing and managing open source software.
Cigital says: "The partnership with Black Duck brings an industry-leading solution for open source security and compliance to the table that complements Cigital’s comprehensive application security testing portfolio. Black Duck’s Hub solution effectively analyses and manages open source security with a Knowledge Base that contains ten years’ worth of data gleaned from over one million software projects from more than 8,500 sites."
"For all of the benefits that open source creates, there is risk. The Black Duck report discloses that there are an average of 22.5 vulnerabilities identified in applications that included open source components. Additionally, 40% of those vulnerabilities are rated “severe.” These statistics demonstrate that the security of open source must now be included in the software security conversation."
"Applications are no longer simple, monolithic creatures—they have evolved into a blend of code written in-house and open source components. Organisations must evolve accordingly, which is why the partnership between Black Duck and Cigital was formed. Cigital covers the in-house written components, and Black Duck the open source components. Together, organizations get the complete coverage to identify vulnerabilities and remediate these vulnerabilities before they can be exploited, which ultimately equates to a lower risk profile."