The Synopsys Software Integrity Group is now Black Duck®.

Enhanced Open Source Vulnerability Data

Are there open source vulnerabilities in the applications you’re developing? What about the applications you shipped yesterday?

Every year, thousands of new open source vulnerabilities are reported. But unlike commercial software, open source has no single vendor to keep you informed or ensure you’re using the latest security updates. You have to fend for yourself.

Black Duck’s vulnerability database provides a complete view of known vulnerabilities in the open source you’re using, and real-time alerts when new vulnerabilities are reported, keeping you protected before and after your applications ship.

Enhanced Vulnerability Data

Above and beyond the NVD

Other solutions rely solely on data from the National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability data. But many vulnerabilities and affected open source projects are never documented in the NVD, and vulnerabilities often aren’t listed in the NVD until weeks after they become public. Given the risks, you can’t afford to wait.

Black Duck® Security Advisories (BDSA) go beyond the NVD, with enhanced data that is researched and analyzed by the Cybersecurity Research Center (CyRC) to ensure completeness and accuracy, giving you early warning and complete insight.

It’s a race between you and open source vulnerability hackers

Open source is widely used, and open source vulnerabilities and exploits are widely reported—often on the same day. This gives hackers the tools and head start they need to compromise thousands of applications and websites.

When vulnerabilities go public, the race is on. You need to find and fix the vulnerable open source in your applications before it can be exploited. Black Duck helps you win that race by giving you a complete view of the open source you’re using and the earliest notification of new vulnerabilities as they’re reported, enabling you to find and fix vulnerabilities fast.

Open Source Vulnerability Reporting Timeline

Black Duck Security Advisories
  • Same-day notification of newly reported vulnerabilities, up to three weeks earlier than the NVD
  • Thousands of Black Duck exclusive vulnerabilities not available in the NVD
  • Actionable mitigation, workaround, and remediation guidance
  • Direct mapping to affected applications for rapid evaluation of risk exposure
  • CWE and CVSS 2.0/3.0 severity data
  • Evidence of attack and compromise information
  • Policy features enabling the automatic prioritization of vulnerabilities for remediation based on the enhanced BDSA data

Learn more about how Black Duck Security Advisories (BDSAs) empower users to effectively prioritize and remediate vulnerabilities before a potential security breach can occur.


Demonstrating the Value of Black Duck Security Advisories


Black Duck protects you before, during, and after deployment

New open source vulnerabilities are often found years after they’re introduced. To be safe, you need to stay on top of vulnerabilities affecting your apps long after they deploy. Black Duck continuously monitors and alerts you when new vulnerabilities affect your applications—both in development and in production—automatically, continuously, and without requiring rescans. Black Duck has you covered throughout the application development life cycle.
