Prior to implementing Black Duck, the company’s open source was managed manually, with GitHub and custom-built open source scanners. This was not only labor-intensive, but it failed to identify hidden security concerns. UROS also couldn’t scale this approach across its growing business and suspected that there were a multitude of unidentified concerns that needed to be addressed.
Korkiakoski noted numerous benefits that UROS now enjoys from the implementation of Black Duck—some of which were unexpected. While Korkiakoski was not surprised that Black Duck provided “great license coverage and improved visibility on hidden issues,” he said his team didn’t anticipate the overall improvement to its security practices. “[Our] security and services are becoming better—we have improved our security stance,” he said.
UROS was surprised by the implicit dependencies that the first tests found in its software. The team was able to identify both licensing concerns and dependencies immediately and with little effort, helping to jumpstart the security initiative.
Fundamental to the company’s DevOps journey is the introduction of automation, wherever possible, into its pipeline. With Black Duck, Korkiakoski stated that security is now “…an ongoing process. Rather than ad hoc, security is automated, giving us a full understanding of our software stack.” Crucial to this automation are Black Duck’s real-time results. Korkiakoski noted that they hadn’t seen this capability in other solutions. “[Black Duck] offers updating of previous scans, while you get results, all in real time. Notifications of these results let you make the right decisions.”
With the help of Black Duck, UROS has seen its security posture improve rapidly. That posture now matches the reliability and reputation of its product offerings, solidifying the company’s track record as a proven and trusted software provider.