Black Duck audit clients want insight into all risk areas and look to us to augment their software due diligence capabilities.
Software development processes and organization: Our experts conduct in-depth interviews with key personnel to gain insight into the quality and maturity of the organization and its development practices, including coding standards, processes, and tools.
Quality: Using both static analysis tools and manual code review, we provide insights on how well the codebase is written. We can also evaluate the architectural design of the codebase and determine if it is well-structured and modular.
Open source and third-party: Using a range of world-class tools, we provide the most comprehensive and accurate assessment available of the composition of the code and associated license and security risk.
Security: Our team of consultants assesses the security posture of the application using static application security testing, penetration testing, and secure design review.