Assessment Services
You are looking to quickly identify open source and third party code, and related licensing obligations. An assessment service provides all the benefits of Black Duck's pioneering technology as a tailored service. An Ex Machina consultant performs an automated code scan using the Black Duck Protex server and combines this data with information gathered using other means to compile a report documenting instances of open source and certain third party components in the analyzed code. The result is a fast, secure, simple and thorough analysis of your software intellectual property assets that your legal counsel and/or engineering teams can review and immediately act on.
A number of different scenarios can trigger the need for Ex Machina's Assessment Services. For instance, vendors using Assessment Services to proactively check for open source and third party code in to-be-released software products can rapidly address IP issues before they threaten a product launch schedule.
Our Assessment Services can also address a number of common challenges that can hamper the merger and acquisition process. In fact, by obtaining knowledge about open source components before a transaction occurs, acquiring companies reduce business risks and speed time to market. Acquisition targets, on the other hand, find that the service can improve their bargaining position and ultimately expedite the transaction.
Protex
Black Duck™ Protex is the market leader platform to help companies administer how their software assets are created, managed and licensed.
Companies of all sizes in all industries use licensed material such as open source and third party code as part of their software development process. The code is often free, easy to find and has been tested and improved by sometimes hundreds of developers.
With Protex, developers, legal counsel, and management can easily control the introduction of licensed material into their code base and manage the licensing requirements of the many various third party and open source components.
In addition, the Protex platform is flexible enough to fit into virtually any individual or collaborative workflow environment monitoring component code origins, applying policies, and performing multiple tasks within the system throughout the entire product development lifecycle.
How does Black Duck Protex work?
The Protex platform is based on the powerful combination of Black Duck’s advanced Code Print™ technology, automated license analytics, and the world’s most comprehensive code KnowledgeBase.
The KnowledgeBase contains billions of Code Prints representing many hundreds of software projects — and their corresponding licenses — that have been amassed and are regularly updated by Black Duck Software. By analyzing user code and automatically comparing it with the KnowledgeBase, licensed software elements can be quickly identified and licensing obligations determined and resolved before they become issues for the business.
How can Black Duck Protex help your company?
The Protex platform is designed to resolve IP issues throughout your entire product development life cycle. From identifying the origins of code to applying company policies to license requirements, Protex eliminates slow, costly and inaccurate manual code review.
Protex also provides an improved communication tool between developers and non-technical personnel who need to know what makes up your software code (such as legal counsel).
Code Center
With Black Duck™ Code Center, component-based software development is faster and more cost-effective, workflow is optimized, and security and policy integrity are standardized enterprise-wide.
Black Duck Code Center is your organization’s place to find and track reusable open source code. Code Center streamlines the search, selection, approval and tracking of software components, even across
geographically dispersed development organizations. It facilitates role-based interaction to speed development and manage open source code reuse choices. Productivity accelerates over time as Black Duck Code Center enables companies to create and internally publish a catalog of
approved open source code, encouraging standardization, capturing critical expertise and efficiently supporting open source approval criteria.
How does Black Duck Code Center work?
Black Duck Code Center augments your installed software development environment with a collaborative, up-to-date, enterprise-class framework. It facilitates straightforward management of open source and third-party code reuse across the software development lifecycle.
Black Duck Code Center enables organizations to
- quickly search and select the best open source code based on key information such as license, security vulnerability status, community support, internal feedback and a variety of other KnowledgeBase data
- expedite the approval process with a customizable enterprise-wide approval process
- track components enterprise-wide throughout their development lifecycle
- receive notifications about specific code, including vulnerability alerts, for which Code Center monitors the National Vulnerability Database. Code Center can quickly pinpoint where components are used – helping to accelerate code maintenance and vulnerability response time. For example, if 3 out of 500 applications in the organization are using a particular version of Apache Tomcat, and that particular version of Tomcat is discovered to have a security vulnerability, email alerts can be generated only for the internal owners of the 3 relevant applications.
How can Black Duck Code Center help your organization?
Black Duck Code Center safely accelerates software development. It helps you govern open source and third party code in alignment with your policies. By encouraging open source adoption and other third-party code reuse, you gain the cost savings, flexibility and robust quality of managed code adoption.
Export
Encryption is everywhere – even where you might not expect it. Software with encryption is built into many if not most applications on your cell phone/PDA, headset, server, alarm system, anything that communicates electronically. Encryption is essential to secure data from thieves and prying eyes.
Any company or organization exporting software that contains encryption is responsible for complying with government regulations. This includes cases in which the encryption comes with a 3rd party software component, like open source code. It also includes encryption that is unused, but included in binary images. Furthermore, many development organizations are surprised to learn that they must comply with export regulations even when transferring software to foreign design groups within their own organization!
Black Duck™ Export is the world’s first and only solution specific to encryption export compliance management for software and software-based assets. Companies worldwide depend on Export to analyze source code and identify cryptographic and encryption elements within their code.
How does Black Duck Export work?
Black Duck Export is an automated approach to analyzing your code and identifying encryption. Export relies on the Black Duck KnowledgeBase – the industry’s most complete and accurate collection of encryption algorithms and cryptographic components. Export's built-in analysis engine compares your source code and binary files to the KnowledgeBase to identify and catalog cryptographic elements and code components. The KnowledgeBase is updated with new additions from Black Duck on a regular basis in order to keep your analysis results current.
How can Black Duck Export help your company?
TWith Export, you can implement robust policies in support of your software export strategies. Export supports your development process by identifying encryption software within your products and helping keep an accurate work record for audit support.
The end-result is that Export delivers accurate, thorough and efficient export compliance performance, reduces business risks, and ensures timely international software/product distribution.
Black Duck Suite
The Black Duck™ Suite is an advanced enterprise-class solution to the unique management, compliance and security challenges associated with open source. It brings together the Black Duck Code Center, Export and Protex products into a unified framework. Code Center supports the front-end of the development process where developers search for and select open source components, as well as the ongoing monitoring of the components in use. Protex and Export are used on the back end of the process when code needs to be validated before it is deployed. The foundation of the Black Duck Suite is the Black Duck KnowledgeBase. Each of the Black Duck products is a modular component that fits into the KnowledgeBase and Suite framework and can be configured to meet individual needs and requirements.
