Standards provide the basis for demonstrating compliance with laws, policies, and regulatory guidelines.

Black Duck DevSecOps tools and services can help organizations comply with laws, regulatory guidance, policies, and standards related to application security (AppSec), software quality, data protection, and privacy. Avoid exploits by finding and fixing weaknesses and vulnerabilities using DevSecOps tools that provide detailed reports listing the specific rules and categories of each standard that the tools address.

To help raise the bar for software security and stay informed about the latest security issues, Black Duck employees serve or have served as subject matter experts for the committees, boards, working groups, programs, and projects related to AppSec standards, policies, and regulatory guidelines.

View open source community initiatives

Automotive Industry Action Group (AIAG)

CERT

Carnegie Mellon University Software Engineering Institute (SEI) Computer Emergency Response Team (CERT) Division

CIS WorkBench

CIS WorkBench

Enterprise Singapore

Enterprise Singapore

incits

International Committee for Information Technology Standards (INCITS)

ITU

International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T)

MISRA

Motor Industry Software Reliability Association (MISRA)

Object Management Group

Object Management Group (OMG)

UL (formerly Underwriters Laboratories)

Auto-ISAC

Automotive Information Sharing and Analysis Center (Auto-ISAC)

Center for Internet Security

Center for Internet Security (CIS)

CISQ

Consortium for Information and Software Quality (CISQ)

IEC

International Electrotechnical Commission (IEC)

ISA

International Society of Automation (ISA)

JasPar

Japan Automotive Software Platform and Architecture (JASPAR)

NIST

National Institute of Standards and Technology (NIST)

SAE International

Automotive Open System Architecture (AUTOSAR)

CIS Benchmarks

CIS Benchmarks

CVE

Common Vulnerabilities and Exposures (CVE)

IEEE

Institute of Electrical and Electronics Engineers (IEEE)

ISO

International Standards Organization (ISO)

JNSA

Japan Network Security Association (JNSA)

NTIA

National Telecommunications and Information Administration (NTIA)

Singapore Standards Council

Singapore Standards Council

Common Attack Pattern Enumeration and Classification (CAPEC)

CIS Benchmarks Community

CIS Benchmarks Community

CWE

Common Weakness Enumeration (CWE)

IEEE Technical Committee

IEEE Technical Committee on Electric and Autonomous Vehicles (TC-EAV)

ITI

Information Technology Industry Council (ITI or ITI-C)

METI

Ministry of Economy, Trade, and Industry (METI)

Oasis Open

Organization for the Advancement of Structured Information Standards (OASIS) Open and SARIF

Standards Development Organization

Standards Development Organisation