Customers subscribing to Black Duck have always received vulnerability data from both the NVD and a premium vulnerability data feed that identifies additional vulnerabilities not cataloged in the NVD. But we felt we could do even better.
Synopsys has released the next stage of deep-sourced vulnerability data that is discovered, curated, analyzed, and published hourly by our CyRC security research teams—the Black Duck Security Advisories (BDSAs).
A BDSA is a classification of open source vulnerabilities identified by the CyRC security research team but not published in the NVD at the time of discovery. BDSAs provide earlier notification of vulnerabilities affecting your codebase (often days or weeks before NIST publishes them in the NVD). They deliver security insight, technical details, and upgrade/patch guidance beyond anything else commercially available today.
With dozens of CyRC security researchers investigating open source project and vulnerability data, we can discover and publish more vulnerabilities more quickly than any other commercially available resource, and react with superior agility, providing earlier notification of vulnerabilities affecting your codebase.
To receive Black Duck Security Advisories, you’ll need to upgrade to Black Duck version 4.4. Contact your Black Duck customer success team for more information.
Consider the 23 versions of Struts discovered by the CyRC research team, vulnerable to CVE-2018-11776 and still unlisted in the NVD, and ask yourself:
“How am I protecting my code if I don’t have Black Duck Security Advisories?”