Enhanced Vulnerability Data

Are there open source vulnerabilities in the applications you’re developing? What about the applications you shipped yesterday?

Every year, thousands of new open source vulnerabilities are reported. But unlike commercial software, open source has no single vendor to keep you informed or ensure you’re using the latest security updates. You have to fend for yourself.

Black Duck by Synopsys vulnerability database reporting and monitoring provides a complete view of known vulnerabilities in the open source you’re using, and real-time alerts when new vulnerabilities are reported, keeping you protected before and after your applications ship.

Enhanced vulnerability data: Above and beyond the NVD

Other solutions rely solely on data from the National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability data. But many vulnerabilities and affected open source projects are never documented in the NVD, and often vulnerabilities that are added to the NVD aren’t listed until weeks after they become public. Given the risks, you can’t afford to wait.

Black Duck Enhanced Vulnerability Data (EVD) goes beyond the NVD, with data from multiple sources researched and analyzed by Black Duck’s dedicated security research team to ensure completeness and accuracy, giving you early warning and complete insight.

  • Same-day notification of newly reported vulnerabilities, up to three weeks earlier than the NVD
  • More vulnerabilities than are reported in the NVD
  • Actionable mitigation, workaround, and remediation guidance
  • Direct mapping to affected applications for rapid evaluation of risk exposure
  • CWE and CVSS 2.0/3.0 Severity data
  • Evidence of attack and compromise information

It’s a race between you and open source vulnerability hackers

Open source is widely used and open source vulnerabilities and exploits widely reported—often on the same day. This gives hackers the tools and head start they need to compromise thousands of applications and websites.

When vulnerabilities go public, the race is on. You need to find and fix the vulnerable open source in your applications before it can be exploited. Black Duck helps you win that race by giving you a complete view of the open source you are using and the earliest notification of new vulnerabilities as they are reported, enabling you to find and fix vulnerabilities fast.

Black Duck protects you before, during, and after deployment

New open source vulnerabilities are often found years after they are introduced. To be safe, you need to stay on top of vulnerabilities affecting your apps long after they deploy. Black Duck continuously monitors and alerts you when new vulnerabilities affect your applications—both in development and in production—automatically, continuously, and without requiring rescans. Black Duck has you covered throughout the application development life cycle.

Talk to a software security and quality expert