The report states: "An astonishing 77% of codebases are comprised of open-source software, which means a considerable amount of an application's risk is due to third-party sources. Application security and development leaders depend on SCA tools for insight into the security risks and licensing concerns associated with open-source and third-party libraries. SCA providers stand out by not only efficiently identifying and addressing security and license risks but also embracing use cases related to the software supply chain."
Within the current offering category, Black Duck received the highest possible scores in the following criteria:
- Component Identification & Analysis
- License detection, analysis, & guidance
- Risk intelligence
- SBOM generation, export, and sharing
- SBOM ingestion and analysis
- Policy management
- Language support
Within the strategy category, Black Duck received the highest possible scores in the following criteria:
- Innovation
- Supporting services and offerings
According to the report, "Black Duck Software offers exceptional open-source, third-party, and closed-source component and snippet analysis for vulnerability, license, and copyright detection. SBOM management, generation, export, ingestion, and analysis capabilities are among the best in this evaluation. Policy management is a strength, with more than 40 criteria for operational health, license risk, and security risk."
"We're proud to be recognized by Forrester as a leader in this evaluation just six weeks after launching Black Duck as an independent company," said Jason Schmitt, CEO of Black Duck. "Identifying and managing risk in open source software components and the broader software supply chain is a critical part of building trust in your software. As a pioneer in software composition analysis with highly differentiated technology and an open-source database that has been developed and enhanced over several decades, Black Duck SCA is uniquely positioned to help organizations across all industries secure their software supply chains."
Download a complimentary copy of The Forrester Wave™: Software Composition Analysis, Q4 2024.
About Black Duck
Black Duck®, formerly known as the Synopsys Software Integrity Group, offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. Learn more at www.blackduck.com.
SOURCE Black Duck Software
Share this article