jeff cheng, profile picture
Uploaded byjeff cheng
5,633 views

BlackDuck Suite

The document discusses the challenges of managing open source software at scale and introduces the Black Duck Suite as a solution. It summarizes the evolution of software development, the promises and challenges of open source, and risks of unmanaged code. The Black Duck Suite helps manage risks through an automated workflow that integrates with development tools to enable multi-source development across the application lifecycle. It addresses management, compliance, and security challenges.

Technology
In this document
Powered by AI

Introduction to Black Duck Suite, highlighting benefits for open source software in innovation.

Discusses software development evolution and the advantages of open source, including cost reduction.

Outlines multi-source development risks, including management, compliance, and security challenges.

Illustrates risks associated with unmanaged code through Cisco and Microsoft's experiences.

Emphasizes early detection of vulnerabilities and the importance of the right solutions.

Proposes strategies for automating and streamlining open source management and compliance.

Highlights how Intel and InfoPrint Solutions successfully used Black Duck for compliance and collaboration.

Details the integration of Black Duck Suite with existing processes, focusing on management and compliance.

Describes the workflow in application lifecycle management, ensuring compliance and security.

Showcases Black Duck's robust code search options and its scalable architecture for enterprise management.

Discusses how Black Duck Suite empowers collaboration and supports centralized validation.

Explains the significance of the KnowledgeBase in managing open source software effectively.

Details how Black Duck helps in compliance management, licensing, and security monitoring.

Highlights the importance of managing security vulnerabilities with early detection and alerts.

Summarizes the key features and benefits of Black Duck Suite, emphasizing its support and scalability.

Embed presentation

The Black Duck Suite: Enabling Faster, Lower Cost Innovation with Open Source Software Black Duck Software
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Agenda  Market Dynamics and Challenges  Meeting the Challenges  Overview of the Black Duck Suite  Summary
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Evolution of Software Development Component-Based Development 1980’s 1990’s 2000’s Focus Code Design Individual Software Developer Scope Development Ecosystem Application Life Cycle Management Single Enterprise Project Team Collaboration
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. The Promise of Open Source The Promise The Challenges Significantly reduce development costs – up to 90% – and accelerate time to market Billions of lines of available code  Management  Compliance  Security Realize the promise while eliminating the challenges The Black Duck Solution...
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Black Duck Enables Multi-Source Development YOUR COMPANY Software Application Open Source Software Internally Developed Code Outsourced Code Development Commercial 3rd - Party Code  Individuals  Universities  Corporate Developers Code Obligations
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Development Challenges Using Open Source at Scale Management  Leverage the right software from many sources  Increase productivity using component software  Encourage standardization of components & versions  Deliver timely support Compliance & Security  Comply with open source policies  Manage licensing and associated obligations  Complying with export regulations  Track security vulnerabilities Formal control of open source software lags adoption:  58% of companies surveyed do not have formal polices or guidelines for OSS Source: 451 Group, December 2009
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Risks of Unmanaged Code Loss of Intellectual Property Export Regulations Injunctions Security Vulnerabilities Software Defects License Rights and Restrictions Contractual Obligations Escalating Support Costs
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.Copyright © 2007 Black Duck Software, Inc. All Rights Reserved. Confidential and Proprietary. The Story of Cisco’s Software Supply-Chain Developers modified firmware turning a low-end ($60) device into a high-function router The story continues... embedded the code in one of its chipsets used GPL code to customize Broadcom’s standard Linux distribution bought for $500M in 2003 adopted this technology into its WRT54G wireless broadband router Source code made available by FSF accused Cisco of a license violation
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.  Infringement  Valuation  Negative publicity  New revenue  Support costs  Vulnerability Risks of Open Source and Other Cases (VOIP Phone) (Wireless Router) (GPS Navigation) (Network Attached Storage) (WiMax, other ) (iPhone WIP300) (Home Hub Router)
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Even Large, Well Run Software Companies Have Challenges : Microsoft Windows 7 GPL Violation The Windows 7 USB/DVD Tool Violated GPLv2 License • Code was “multi-source,” including code from an external supplier with OSS • Microsoft pulled the product from the Microsoft Store, then announced it is making the source code and binaries available Takeaways: • Even big companies make mistakes • OSS can enter from many sources • It’s difficult to manage OSS without both process and technology
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Google Security Flaws  These vulnerabilities discovered within 24 hours of release  Easily avoided with the right solution
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Pro-Active and Controlled Use of Open Source  Cost of defects – Minimal when issues are detected early in lifecycle – Grows 100-1,000X late in the lifecycle  Invest time and process to choose good code up front vs fixing problems later Capers Jones, Applied software measurement: assuring productivity and quality, 1999.
Meeting the Challenges
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Meeting the Challenges of Using Open Source  You could automate manual approval processes and empower team members to collaborate? – Bring together legal, development, executive staff, others  You could automate discovery and validation to manage risk and ensure compliance? – Know what’s in your code base – Validate software bill of materials (BoM) before shipping – Know origins of external code  Development had a catalog of pre-approved components? – Eliminate unnecessary, redundant requests and approvals – Know and track where components are used  Finding the right open source was fast and easy? – Quality, maturity – Version – Understanding license obligations – Dependencies What if...
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Black Duck Helps Unleash the Potential of Open Source Software  Workflow and approval for multi-user team collaboration with role-based access control – Eliminate approval delays, enhance group productivity  Automatically scan code base to identify open source and uncover hidden license obligations – Ensure compliance and confidently manage software origins and obligations  Catalog of pre-approved components – Saves time and effort – Encourages standardization and re-use  Industry’s most comprehensive open source KnowledgeBase – Enables fast, easy, search and selection of open source software
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Case Study: InfoPrint Solutions “We chose Black Duck automation to improve productivity by supporting our software license approval processes, code validation and security alert processes. And more importantly, it gives us the highest confidence that we are in compliance with the licenses for the open source software embedded in our products.” – Mike Munger, Senior Technical Staff Manager InfoPrint Solutions Company Why InfoPrint chose Black Duck  Identify open source software  Automate approval process  Monitor security vulnerabilities on open source components Black Duck Code Center for approval automation Black Duck Protex servers validating BOM’s and performing license discovery  Manages legal risk  Enables collaboration around open source approvals  Streamlines processes Problem Solution Benefits
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Case Study: Intel Corporation “We selected Black Duck because its knowledge base of open source software and the maintenance of that knowledge base were more robust than other solutions—and the more robust the knowledge base, the lower the risk that licensed software will be used inappropriately.” Why Intel chose Black Duck  Identify open source software  Automate verification and compliance  Improve collaboration between functions (development, legal, management, etc.) Black Duck Protex servers deployed globally, integrated with development tools  Identifies software conflicts early  Reduces rework  Lowers risk of legal issues Problem Solution Benefits
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.  Manage the risks and maximize the compelling benefits of multi-source development  Integrates with existing development tools and processes  Solves the three main challenges associated with multi-source development: Enabling Multi-Source Development Across the Application Lifecycle Management Compliance Security
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Management  Create and share a catalog of approved components  Configurable, role-based approval workflow  Authentication and role-based access control for individual enterprise users  Comprehensive code and component search and selection Compliance  Automate code discovery, validation, audit  Ensure compliance with regulations and company policies  Manage and control software versions, origins & obligations (open source and other code)  Monitor known security vulnerabilities  Automatic updates to catalog with real- time alerts; track “where used”  Ensure selection of most secure open source components Security
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Application Lifecycle Conceptualize Define Design Develop Build Test Deploy Search & Select Approve Validate Compliance Audit & Maintain Scan/Analyze Management, Compliance, Security
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.  IT  Security  Legal  Management  Quality Approval Company Policies Build, Test Systems Software Bill of Materials Scan & Validate Production Systems Development Catalog Component Requests Audit & Maintain SCM Search &Select Approved Components  Open source  Code prints  Vulnerabilities  Binaries KnowledgeBase Automated Workflow
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Comprehensive Code Search Black Duck KnowledgeBase Internal Internal CatalogSCM Files Koders.com External Code Search  Find and re-use OSS and existing code across multiple repositories  Improve quality by more easily tracking down bugs/defects across the enterprise Source code Component Attributes
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. The Black Duck Suite - Architecture  Scalable enterprise architecture  Modular design  Customizable  Extensible  Browser-based for anywhere, any time access  Integrates with existing ALM infrastructure KnowledgeBase SDK Core Framework UI Framework 23
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Supporting Enterprise Collaboration
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Typical Deployment of the Black Duck Suite Code Code Code Code Code Code Code Code Approval Validation Approval Scanning Source CodeCode Centralized approval with decentralized scanning & validation Validation ValidationValidation
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. The Black Duck KnowledgeBase The Foundation of the Black Duck Suite The industry’s most comprehensive open source database Extensive metadata  Tens of billions of lines of code  From over 4,500 sites  Released under 1,800+ unique licenses  39,000+ security vulnerabilities  450+ cryptographic algorithms  Name, description, versions, URL  License, programming language, OS  National Vulnerability Database  Cryptography  Code Prints of source/binary  Other information Open Source Software  Uniquely addresses the “long tail” of OSS projects  Patented search & pattern-matching technologies  Continuously expanded  Custom Code Printing to add proprietary code  Daily security vulnerability alerts  Automated Metadata Updates issued ~2x month
Black Duck Suite - Management - Compliance - Security - Code Search Koders.com
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Developer Catalog  Faster and lower cost application development  Make better choices on the front-end of development process (100X less costly than fixing a defect later)  Increased reuse of good code – open source, licensed from 3rd parties  Authentication and access control for individual enterprise users  Avoidance of… – License problems – Version uncertainties – Security vulnerabilities KnowledgeBase  Developers  Security  IT  Legal  Management  Quality Approval Boards SourceForge RubyForge Eclipse.org Apache.org etc… Open Source Approval Flow Alerts OSS & Code Management
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.  Confidently manage software origins & obligations  Audit code base against approved components  Simplify code reviews and 3rd party licensing  Reduce costs while improving accuracy Application Server Projects Licenses Open Source Third Party Code Internal Code Compliance KnowledgeBase Review Board License Conflict Bill of Materials Developers Automated Workflow
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.  Find cryptographic code embedded in complex software  Automate compliance with encryption export policy and regulations  Simplify BIS/NSA notification and licensing  Generate audit and document compliance reports CryptoBase Developers Compliance Report Compliance: Encryption & Export Regulations
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Security Vulnerability Management  Make informed choices early in the process to ensure selection and use of most secure open source components  Catalog of approved components is automatically updated  Monitor security vulnerabilities – Daily security alerts routed to customers – Automatic alerts are sent to appropriate owner for all components based on “where used” e.g., Apache Tomcat, Struts, MySql Where Used KnowledgeBase Alerts Developer Catalog Approved Components Approval Flow Management Alerts
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.  Fast search and increased visibility  Integration with development tools / SCM’s  Proven scalability to billions of lines of code Enterprise Code Search for Software Developers Developers SCM Internal Code Index CVS File System Subversion Code Search
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Black Duck Suite Summary Features Benefits Completeness  Covers key processes– search, select, approve, validate and monitor  Provides the industry’s most comprehensive knowledge base of OSS Automation  Improves efficiency and speed in development  Development and approval processes  Ensures compliance with company policies Collaboration  Enables stakeholders -- development, legal, security, IT, trade compliance and others -- to work together to achieve shared objectives Scalability  “Enterprise-class” scalability, configurability, extensibility, and access-controlled security  Meets the needs of the largest software development organizations Integration  SDK with web services API  Integrates with existing developer tools  Certified “Ready for Rational”
Copyright © 2010 Black Duck Software, Inc. All Rights Reserved. Why Black Duck Pioneered open source code analysis market in 2002 Leadership products and services for managing open source throughout the application life-cycle Most comprehensive KnowledgeBase of open source software in the industry Most experienced vendor with largest customer base Responsive 24X7 support, global presence

More Related Content

PDF
Introduction to Algorithms Complexity Analysis
byDr. Pankaj Agarwal
 
PPTX
Palamida Open Source Compliance Solution
byEngineering Software Lab
 
PPTX
Software agents
byrajsandhu1989
 
PPTX
Software Engineering Layered Technology Software Process Framework
byJAINAM KAPADIYA
 
PPT
Software Quality Assurance
bySachithra Gayan
 
PPTX
P np & np completeness
byAnwal Mirza
 
PPT
Knapsack problem and Memory Function
byBarani Tharan
 
PPT
DESIGN AND ANALYSIS OF ALGORITHMS
byGayathri Gaayu
 
Introduction to Algorithms Complexity Analysis
byDr. Pankaj Agarwal
 
Palamida Open Source Compliance Solution
byEngineering Software Lab
 
Software agents
byrajsandhu1989
 
Software Engineering Layered Technology Software Process Framework
byJAINAM KAPADIYA
 
Software Quality Assurance
bySachithra Gayan
 
P np & np completeness
byAnwal Mirza
 
Knapsack problem and Memory Function
byBarani Tharan
 
DESIGN AND ANALYSIS OF ALGORITHMS
byGayathri Gaayu
 

What's hot

PPT
N-version programming
byshabnam0102
 
PPT
Lower bound
byRajendran
 
PPTX
Dynamic programming
byMelaku Bayih Demessie
 
PPT
Daa presentation 97
byGarima Verma
 
PDF
Daa notes 1
bysmruti sarangi
 
PPTX
Daa unit 1
byAbhimanyu Mishra
 
PPTX
Traveling salesman problem
byJayesh Chauhan
 
PPTX
Software Quality Assurance
bySaqib Raza
 
PPTX
Automata theory -- NFA and DFA construction
byAkila Krishnamoorthy
 
PPTX
Multilayer & Back propagation algorithm
byswapnac12
 
PPTX
Recursion (left recursion) | Compiler design
byShamsul Huda
 
PDF
Webinar Presentation: Best Practices in QA Testing - Leveraging Open Source T...
byEmtec Inc.
 
PDF
Quality Assurance in SDLC
byAdil Mughal
 
PPTX
Types of Machine Learning
bySamra Shahzadi
 
PPT
1.1 The nature of software.ppt
byJAYAPRIYAR7
 
PPTX
Google colab introduction
bySaravanakumar viswanathan
 
PPTX
Components of the sqa system
byHamza Malik
 
PPTX
Multimedia basic video compression techniques
byMazin Alwaaly
 
PDF
9. chapter 8 np hard and np complete problems
byJyotsna Suryadevara
 
PPT
Quality Management in Software Engineering SE24
bykoolkampus
 
N-version programming
byshabnam0102
 
Lower bound
byRajendran
 
Dynamic programming
byMelaku Bayih Demessie
 
Daa presentation 97
byGarima Verma
 
Daa notes 1
bysmruti sarangi
 
Daa unit 1
byAbhimanyu Mishra
 
Traveling salesman problem
byJayesh Chauhan
 
Software Quality Assurance
bySaqib Raza
 
Automata theory -- NFA and DFA construction
byAkila Krishnamoorthy
 
Multilayer & Back propagation algorithm
byswapnac12
 
Recursion (left recursion) | Compiler design
byShamsul Huda
 
Webinar Presentation: Best Practices in QA Testing - Leveraging Open Source T...
byEmtec Inc.
 
Quality Assurance in SDLC
byAdil Mughal
 
Types of Machine Learning
bySamra Shahzadi
 
1.1 The nature of software.ppt
byJAYAPRIYAR7
 
Google colab introduction
bySaravanakumar viswanathan
 
Components of the sqa system
byHamza Malik
 
Multimedia basic video compression techniques
byMazin Alwaaly
 
9. chapter 8 np hard and np complete problems
byJyotsna Suryadevara
 
Quality Management in Software Engineering SE24
bykoolkampus
 

Similar to BlackDuck Suite

PPTX
Going Open: How to Make a Project Open Source
byBlack Duck by Synopsys
 
PPTX
It’s No Myth: Compliance Is Good Business
byBlack Duck by Synopsys
 
PDF
Open Source Insight: Struts in VMware, Law Firm Cybersecurity, Hospital Data ...
byBlack Duck by Synopsys
 
PPTX
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
byBlack Duck by Synopsys
 
PPTX
Open Source Trends and Why They Matter to Health Care
byBlack Duck by Synopsys
 
PPTX
Keynote - Lou Shipley
byJerika Phelps
 
PDF
Create a Unified View of Your Application Security Program – Black Duck Hub a...
byDenim Group
 
PDF
Security in the Age of Open Source
byFINOS
 
PPTX
RVAsec Bill Weinberg Open Source Hygiene Presentation
byBlack Duck by Synopsys
 
PPTX
Open Source Insight: Balancing Agility and Open Source Security for DevOps
byBlack Duck by Synopsys
 
PDF
Legal Issues in Developing in a Hybrid Envionment with Open Source Software
byMark Radcliffe
 
PPTX
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
byBlack Duck by Synopsys
 
PPTX
Four Steps to Creating an Effective Open Source Policy
byBlack Duck by Synopsys
 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
PPT
JDA: Building an Open Source Center of Excellence
byBlack Duck by Synopsys
 
PDF
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
bySynopsys Software Integrity Group
 
PPTX
Push To Test - Open Source Adoption in the Enterprise
byAndrew Aitken
 
PPTX
Open Source as an Element of Corporate Strategy
byBlack Duck by Synopsys
 
PDF
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
byBlack Duck by Synopsys
 
PPTX
Software Security Assurance for DevOps
byBlack Duck by Synopsys
 
Going Open: How to Make a Project Open Source
byBlack Duck by Synopsys
 
It’s No Myth: Compliance Is Good Business
byBlack Duck by Synopsys
 
Open Source Insight: Struts in VMware, Law Firm Cybersecurity, Hospital Data ...
byBlack Duck by Synopsys
 
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
byBlack Duck by Synopsys
 
Open Source Trends and Why They Matter to Health Care
byBlack Duck by Synopsys
 
Keynote - Lou Shipley
byJerika Phelps
 
Create a Unified View of Your Application Security Program – Black Duck Hub a...
byDenim Group
 
Security in the Age of Open Source
byFINOS
 
RVAsec Bill Weinberg Open Source Hygiene Presentation
byBlack Duck by Synopsys
 
Open Source Insight: Balancing Agility and Open Source Security for DevOps
byBlack Duck by Synopsys
 
Legal Issues in Developing in a Hybrid Envionment with Open Source Software
byMark Radcliffe
 
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
byBlack Duck by Synopsys
 
Four Steps to Creating an Effective Open Source Policy
byBlack Duck by Synopsys
 
Managing Open Source in Application Security and Software Development Lifecycle
byBlack Duck by Synopsys
 
JDA: Building an Open Source Center of Excellence
byBlack Duck by Synopsys
 
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
bySynopsys Software Integrity Group
 
Push To Test - Open Source Adoption in the Enterprise
byAndrew Aitken
 
Open Source as an Element of Corporate Strategy
byBlack Duck by Synopsys
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
byBlack Duck by Synopsys
 
Software Security Assurance for DevOps
byBlack Duck by Synopsys
 

Recently uploaded

PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
The year in review - MarvelClient in 2025
bypanagenda
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Hybrid Cloud vs Multi-Cloud Strategy 2025
byTeleglobal International
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 

BlackDuck Suite

  • 1.
    The Black DuckSuite: Enabling Faster, Lower Cost Innovation with Open Source Software Black Duck Software
  • 2.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Agenda  Market Dynamics and Challenges  Meeting the Challenges  Overview of the Black Duck Suite  Summary
  • 3.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Evolution of Software Development Component-Based Development 1980’s 1990’s 2000’s Focus Code Design Individual Software Developer Scope Development Ecosystem Application Life Cycle Management Single Enterprise Project Team Collaboration
  • 4.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. The Promise of Open Source The Promise The Challenges Significantly reduce development costs – up to 90% – and accelerate time to market Billions of lines of available code  Management  Compliance  Security Realize the promise while eliminating the challenges The Black Duck Solution...
  • 5.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Black Duck Enables Multi-Source Development YOUR COMPANY Software Application Open Source Software Internally Developed Code Outsourced Code Development Commercial 3rd - Party Code  Individuals  Universities  Corporate Developers Code Obligations
  • 6.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Development Challenges Using Open Source at Scale Management  Leverage the right software from many sources  Increase productivity using component software  Encourage standardization of components & versions  Deliver timely support Compliance & Security  Comply with open source policies  Manage licensing and associated obligations  Complying with export regulations  Track security vulnerabilities Formal control of open source software lags adoption:  58% of companies surveyed do not have formal polices or guidelines for OSS Source: 451 Group, December 2009
  • 7.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Risks of Unmanaged Code Loss of Intellectual Property Export Regulations Injunctions Security Vulnerabilities Software Defects License Rights and Restrictions Contractual Obligations Escalating Support Costs
  • 8.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.Copyright © 2007 Black Duck Software, Inc. All Rights Reserved. Confidential and Proprietary. The Story of Cisco’s Software Supply-Chain Developers modified firmware turning a low-end ($60) device into a high-function router The story continues... embedded the code in one of its chipsets used GPL code to customize Broadcom’s standard Linux distribution bought for $500M in 2003 adopted this technology into its WRT54G wireless broadband router Source code made available by FSF accused Cisco of a license violation
  • 9.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.  Infringement  Valuation  Negative publicity  New revenue  Support costs  Vulnerability Risks of Open Source and Other Cases (VOIP Phone) (Wireless Router) (GPS Navigation) (Network Attached Storage) (WiMax, other ) (iPhone WIP300) (Home Hub Router)
  • 10.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Even Large, Well Run Software Companies Have Challenges : Microsoft Windows 7 GPL Violation The Windows 7 USB/DVD Tool Violated GPLv2 License • Code was “multi-source,” including code from an external supplier with OSS • Microsoft pulled the product from the Microsoft Store, then announced it is making the source code and binaries available Takeaways: • Even big companies make mistakes • OSS can enter from many sources • It’s difficult to manage OSS without both process and technology
  • 11.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Google Security Flaws  These vulnerabilities discovered within 24 hours of release  Easily avoided with the right solution
  • 12.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Pro-Active and Controlled Use of Open Source  Cost of defects – Minimal when issues are detected early in lifecycle – Grows 100-1,000X late in the lifecycle  Invest time and process to choose good code up front vs fixing problems later Capers Jones, Applied software measurement: assuring productivity and quality, 1999.
  • 13.
  • 14.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Meeting the Challenges of Using Open Source  You could automate manual approval processes and empower team members to collaborate? – Bring together legal, development, executive staff, others  You could automate discovery and validation to manage risk and ensure compliance? – Know what’s in your code base – Validate software bill of materials (BoM) before shipping – Know origins of external code  Development had a catalog of pre-approved components? – Eliminate unnecessary, redundant requests and approvals – Know and track where components are used  Finding the right open source was fast and easy? – Quality, maturity – Version – Understanding license obligations – Dependencies What if...
  • 15.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Black Duck Helps Unleash the Potential of Open Source Software  Workflow and approval for multi-user team collaboration with role-based access control – Eliminate approval delays, enhance group productivity  Automatically scan code base to identify open source and uncover hidden license obligations – Ensure compliance and confidently manage software origins and obligations  Catalog of pre-approved components – Saves time and effort – Encourages standardization and re-use  Industry’s most comprehensive open source KnowledgeBase – Enables fast, easy, search and selection of open source software
  • 16.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Case Study: InfoPrint Solutions “We chose Black Duck automation to improve productivity by supporting our software license approval processes, code validation and security alert processes. And more importantly, it gives us the highest confidence that we are in compliance with the licenses for the open source software embedded in our products.” – Mike Munger, Senior Technical Staff Manager InfoPrint Solutions Company Why InfoPrint chose Black Duck  Identify open source software  Automate approval process  Monitor security vulnerabilities on open source components Black Duck Code Center for approval automation Black Duck Protex servers validating BOM’s and performing license discovery  Manages legal risk  Enables collaboration around open source approvals  Streamlines processes Problem Solution Benefits
  • 17.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Case Study: Intel Corporation “We selected Black Duck because its knowledge base of open source software and the maintenance of that knowledge base were more robust than other solutions—and the more robust the knowledge base, the lower the risk that licensed software will be used inappropriately.” Why Intel chose Black Duck  Identify open source software  Automate verification and compliance  Improve collaboration between functions (development, legal, management, etc.) Black Duck Protex servers deployed globally, integrated with development tools  Identifies software conflicts early  Reduces rework  Lowers risk of legal issues Problem Solution Benefits
  • 18.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.  Manage the risks and maximize the compelling benefits of multi-source development  Integrates with existing development tools and processes  Solves the three main challenges associated with multi-source development: Enabling Multi-Source Development Across the Application Lifecycle Management Compliance Security
  • 19.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Management  Create and share a catalog of approved components  Configurable, role-based approval workflow  Authentication and role-based access control for individual enterprise users  Comprehensive code and component search and selection Compliance  Automate code discovery, validation, audit  Ensure compliance with regulations and company policies  Manage and control software versions, origins & obligations (open source and other code)  Monitor known security vulnerabilities  Automatic updates to catalog with real- time alerts; track “where used”  Ensure selection of most secure open source components Security
  • 20.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Application Lifecycle Conceptualize Define Design Develop Build Test Deploy Search & Select Approve Validate Compliance Audit & Maintain Scan/Analyze Management, Compliance, Security
  • 21.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.  IT  Security  Legal  Management  Quality Approval Company Policies Build, Test Systems Software Bill of Materials Scan & Validate Production Systems Development Catalog Component Requests Audit & Maintain SCM Search &Select Approved Components  Open source  Code prints  Vulnerabilities  Binaries KnowledgeBase Automated Workflow
  • 22.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Comprehensive Code Search Black Duck KnowledgeBase Internal Internal CatalogSCM Files Koders.com External Code Search  Find and re-use OSS and existing code across multiple repositories  Improve quality by more easily tracking down bugs/defects across the enterprise Source code Component Attributes
  • 23.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. The Black Duck Suite - Architecture  Scalable enterprise architecture  Modular design  Customizable  Extensible  Browser-based for anywhere, any time access  Integrates with existing ALM infrastructure KnowledgeBase SDK Core Framework UI Framework 23
  • 24.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Supporting Enterprise Collaboration
  • 25.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Typical Deployment of the Black Duck Suite Code Code Code Code Code Code Code Code Approval Validation Approval Scanning Source CodeCode Centralized approval with decentralized scanning & validation Validation ValidationValidation
  • 26.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. The Black Duck KnowledgeBase The Foundation of the Black Duck Suite The industry’s most comprehensive open source database Extensive metadata  Tens of billions of lines of code  From over 4,500 sites  Released under 1,800+ unique licenses  39,000+ security vulnerabilities  450+ cryptographic algorithms  Name, description, versions, URL  License, programming language, OS  National Vulnerability Database  Cryptography  Code Prints of source/binary  Other information Open Source Software  Uniquely addresses the “long tail” of OSS projects  Patented search & pattern-matching technologies  Continuously expanded  Custom Code Printing to add proprietary code  Daily security vulnerability alerts  Automated Metadata Updates issued ~2x month
  • 27.
    Black Duck Suite -Management - Compliance - Security - Code Search Koders.com
  • 28.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Developer Catalog  Faster and lower cost application development  Make better choices on the front-end of development process (100X less costly than fixing a defect later)  Increased reuse of good code – open source, licensed from 3rd parties  Authentication and access control for individual enterprise users  Avoidance of… – License problems – Version uncertainties – Security vulnerabilities KnowledgeBase  Developers  Security  IT  Legal  Management  Quality Approval Boards SourceForge RubyForge Eclipse.org Apache.org etc… Open Source Approval Flow Alerts OSS & Code Management
  • 29.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.  Confidently manage software origins & obligations  Audit code base against approved components  Simplify code reviews and 3rd party licensing  Reduce costs while improving accuracy Application Server Projects Licenses Open Source Third Party Code Internal Code Compliance KnowledgeBase Review Board License Conflict Bill of Materials Developers Automated Workflow
  • 30.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.  Find cryptographic code embedded in complex software  Automate compliance with encryption export policy and regulations  Simplify BIS/NSA notification and licensing  Generate audit and document compliance reports CryptoBase Developers Compliance Report Compliance: Encryption & Export Regulations
  • 31.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Security Vulnerability Management  Make informed choices early in the process to ensure selection and use of most secure open source components  Catalog of approved components is automatically updated  Monitor security vulnerabilities – Daily security alerts routed to customers – Automatic alerts are sent to appropriate owner for all components based on “where used” e.g., Apache Tomcat, Struts, MySql Where Used KnowledgeBase Alerts Developer Catalog Approved Components Approval Flow Management Alerts
  • 32.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved.  Fast search and increased visibility  Integration with development tools / SCM’s  Proven scalability to billions of lines of code Enterprise Code Search for Software Developers Developers SCM Internal Code Index CVS File System Subversion Code Search
  • 33.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Black Duck Suite Summary Features Benefits Completeness  Covers key processes– search, select, approve, validate and monitor  Provides the industry’s most comprehensive knowledge base of OSS Automation  Improves efficiency and speed in development  Development and approval processes  Ensures compliance with company policies Collaboration  Enables stakeholders -- development, legal, security, IT, trade compliance and others -- to work together to achieve shared objectives Scalability  “Enterprise-class” scalability, configurability, extensibility, and access-controlled security  Meets the needs of the largest software development organizations Integration  SDK with web services API  Integrates with existing developer tools  Certified “Ready for Rational”
  • 34.
    Copyright © 2010Black Duck Software, Inc. All Rights Reserved. Why Black Duck Pioneered open source code analysis market in 2002 Leadership products and services for managing open source throughout the application life-cycle Most comprehensive KnowledgeBase of open source software in the industry Most experienced vendor with largest customer base Responsive 24X7 support, global presence

Editor's Notes

  • #4 In the very early days of computing, product offerings seeking to improve developer productivity focused on tools for code design that could be used by the individual developer. For example, the first version of Turbo Pascal appeared in 1983. As the industry matured, the focus of innovation grew to facilitate the collaboration of groups of developers. For example, the (then revolutionary) revision management tool ClearCase was released by Atria software in 1992. Today, it’s the rare application that’s developed and coded from the ground up exclusively by internal resources. In the world of component-based development, where “reuse” is the mantra, developers are looking at a variety of sources of code; both internal and external. External sources of code are suppliers, partners and the open source community. We term the blending of the internal and external sources of code “the development ecosystem.” This brings us to the most recent (rightmost) stage in the history of innovation aimed at developer productivity which takes place in the era of component-based development.
  • #5 While Black Duck does not make open source software, we help our customers realize the promise it offers while minimizing or eliminating the challenges and risks associated with it.
  • #7 The challenges arise from mixing code from different sources: partner code, open source, internal code and vendor sourced. Each of these sources could be managing its own separate version of a code component. They could be incorporating conflicting software licenses into the code base. The code could have unexpected dependencies. The software ‘integrator’ is on the hook for robust and timely support, but the support model for open source code is an area that people must think about explicitly. Code from the development ecosystem could have varying levels of quality – some of it is great, some of it, not so great. If an organization implements compliance, it may involve many approval boards. The danger of thorough compliance is that it can be time consuming, slow to react and bureaucratic. Yet, it is a necessary part of software development in today’s complex and changing landscape.
  • #8 Many great companies have had bad things happen to them because they did not address the need for governance in their software supply chain. Loss of Intellectual Property: Cisco was forced to open source some code and ultimately lost control over a product line. Impact was probably millions in lost revenue. See the support slide on this. License rights and restrictions Contractual obligations Injunctions: When Monsoon Multimedia was sued by the software freedom law center, the suit requested an injunction (stop ship) on their product. This would be devastating for a business. Export regulations Security vulnerabilities Software defects Escalating support costs: Version proliferation
  • #27 Continuously Expanded (sub-bullets):Updated 9/9/08 Significant investment in automated tools Site mirrors for popular sites Open Source Licenses GPL LGPL Apache BSD CPL Creative Commons Eclipse Microsoft MIT Sun Open Source Sites Apache.org Eclipse.org Kernel.org Sun.com RubyForge.org Asterisk.com PlanetSourceCode.com Zope.org GNU.org CPAN.org MySQL.com SourceForge.net