Software Integrity Blog


Black Duck Binary Analysis scans over 1 million applications

Black Duck Binary Analysis has now scanned over a million apps. Learn how binary analysis helps you detect potential time bombs hidden in your software.

On Tuesday, Black Duck Binary Analysis, Synopsys’ binary analysis solution, scanned its one millionth customer-submitted app.

“This is a significant milestone,” said David Chartier, VP of marketing, Synopsys Software Integrity Group. “This is a strong showing of the scalability and widespread adoption of Black Duck Binary Analysis and its ability to meet the demands of our customers to provide them actionable security information from a wide variety of industries, including those working on ICS and medical device firmware, mobile applications, and containerization of services. Not only did we scan our one millionth application, we are peaking at over 1TB of data uploaded daily.”

Software composition analysis starts from the recognition that software today is built by augmenting an organization’s own code with third-party code and components from many sources. In fact, up to 90% of a software package can originate from sources other than the main author of the software. In some cases that third-party code is commercial code you licensed, but more often than not it is some form of open source code. Outdated commercial and open source third-party code integrated into a product may expose it to known software vulnerabilities and level the playing field for malicious hackers. For this reason OWASP added “Using components with known vulnerabilities” to its 2013 Top 10 list of the most common and serious sources of vulnerabilities.

Software composition analysis allows you to detect and mitigate these hidden potential time bombs in the software that you create or use. And with binary code analysis, you don’t need to have source code. After you upload virtually any software or firmware, Black Duck Binary Analysis scans it in minutes.

Black Duck Binary Analysis examines binary files to produce a software bill of materials (BoM) and matches the components it finds against the current Common Vulnerabilities and Exposures (CVE) list maintained by MITRE. The solution reports not only the CVE identifiers but also the Common Vulnerability Scoring System (CVSS) rating for each vulnerability it flags. In addition, it identifies common license types, such as copyleft, permissive, LGPL, and proprietary. Black Duck Binary Analysis supports a wide variety of architectures, executable formats, compression formats, firmware formats, and file systems, making it a truly universal tool for software composition analysis.
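The matching step described above, as an added illustration that is not Black Duck’s own code: a constructed BoM is checked against constructed vulnerability records (placeholder identifiers, not real CVEs) using version-range comparison, and each hit is labelled with its CVSS v3 qualitative severity band.

```python
import re

# Constructed BoM as a binary scan might report it: (component, version).
SAMPLE_BOM = [("openssl", "1.0.1e"), ("zlib", "1.2.11"), ("libpng", "1.6.2")]

# Constructed vulnerability records with placeholder IDs (not real CVEs):
# (component, first affected version, first fixed version, CVSS base score, id)
SAMPLE_VULNS = [
    ("openssl", "1.0.1", "1.0.1g", 7.5, "VULN-PLACEHOLDER-1"),
    ("zlib", "1.2.0", "1.2.9", 9.8, "VULN-PLACEHOLDER-2"),
    ("libpng", "1.6.0", "1.6.3", 5.3, "VULN-PLACEHOLDER-3"),
]

def version_key(version):
    """'1.0.1e' -> ((1,''),(0,''),(1,'e')): ints compare numerically (1.2.11 > 1.2.9),
    and an OpenSSL-style letter suffix sorts after the bare number (1.0.1g > 1.0.1)."""
    key = []
    for part in version.split("."):
        m = re.fullmatch(r"(\d+)([A-Za-z]*)", part)
        if not m:
            raise ValueError(f"unsupported version string: {version!r}")
        key.append((int(m.group(1)), m.group(2)))
    return tuple(key)

def cvss_severity(score):
    """CVSS v3 qualitative rating bands."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"

def match_vulnerabilities(bom, vulns):
    """Report each BoM entry whose version lies in an affected range, worst first."""
    findings = []
    for name, version in bom:
        vk = version_key(version)
        for comp, first_affected, fixed_in, score, vuln_id in vulns:
            # Affected if first_affected <= version < fixed_in for the same component.
            if comp == name and version_key(first_affected) <= vk < version_key(fixed_in):
                findings.append({"component": name, "version": version, "id": vuln_id,
                                 "cvss": score, "severity": cvss_severity(score),
                                 "fixed_in": fixed_in})
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)
```

With the constructed data, zlib 1.2.11 is correctly left out because it is already past the fixed version, while the two remaining components are ranked by CVSS score.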

Want to learn more about software composition analysis?

Get our free white paper on software supply chain management

