Sorry, not available in this language yet

English
日本語
简体中文

AI-generated code | Harness the power of AI coding assistants while managing the risks.
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Program Consolidation | Simplify your application security program.
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage Enterprise AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud.
Open Source License Compliance | Effective solutions for ensuring open source license compliance.
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality and Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators.

Static Analysis (SAST) | Analyzing code for security vulnerabilities without executing it.
Software Composition Analysis (SCA) | Analyzing software components for security and license compliance.
Dynamic Analysis (DAST) | Testing running applications for security vulnerabilities.
Interactive Analysis (IAST) | Real-time security testing during application execution.
Penetration Testing | Simulated cyberattacks to identify vulnerabilities.
Mobile Application Security Testing (MAST) | Ensuring the security of mobile applications.
Application Security Posture Management (ASPM) | Managing and improving application security posture.
Fuzz Testing Solutions | Identifying vulnerabilities by inputting random data to applications.

Automotive | Security solutions for automotive industry applications.
Financial Services | Security solutions tailored for financial services.
IoT & Embedded | Security for Internet of Things and embedded systems.
Medical Devices | Security solutions for medical devices.
Public Sector | Security solutions for government and public sector organizations.

Dev and DevOps Teams | Security tools and practices for development and DevOps teams.
Security Teams | Solutions and support for dedicated security teams.
Legal Teams | Resources and compliance tools for legal teams.

Privacy Governance Statement

This privacy governance statement covers Black Duck Software, Inc. and its affiliated companies (“Black Duck”).

At Black Duck, privacy is a top priority. Our comprehensive privacy framework and governance model makes privacy a foundational element of our solutions and services. Our privacy governance model includes, but is not limited to, the following: 

1. Privacy by Design 
Our ‘Privacy by Design’ philosophy emphasizes privacy as a fundamental component of our solutions and services. Privacy is not merely a function of our privacy office. Rather, privacy considerations are embedded in our operations as a fundamental element, central to the global delivery of our solutions and services.  

2. Privacy Principles
We believe that the appropriate incorporation of robust and recognized privacy principles are essential to any privacy program. Some principles we consider to be important include the following:

A. Transparency. Transparency means being open about how your personal data is collected, shared, and processed.

B. Purpose Limitation. Purpose limitation means processing personal data for specific purposes and not processing them for unrelated purposes.

C. Data Minimization. Data minimization means collecting and processing personal data only as is reasonably needed to fulfill the purpose for which it is processed.

D. Education. Mandatory privacy training for all team members that is updated and refreshed regularly.

E. Security. Robust security measures commensurate with the risk are essential to any processing of personal data. Such principles areat the very core of our organization’s identity. See the Technical and Organizational Measures section for more information.

3. Privacy Impact Assessments
In providing services across the globe in multiple industries, we often conduct privacy impact assessments tailored to the specific services, solutions, and applicable jurisdictional regulations. Some of the aspects we may assess include the following: 

A. Data Localization Requirements 

B. Legal Basis for Processing

C. Notification Obligations

Where certain regulations require specific assessments, such as a data protection impact assessment, we meet or exceed such required analyses.

4. Cross-Border Transfers
Ensuring that personal data protection and handling principles follow the personal data across borders is a top priority. We perform specific transfer impact assessments to ensure the personal data remains protected and that it is processed in compliance with all applicable localization requirements. Some of the data transfer mechanisms we may initiate include EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and more.

5. Rights
Subject to applicable regulations, individuals have certain rights regarding their personal data. This may include such rights as access, portability, deletion, rectification, objection, and more. We respect these applicable rights and analyze all steps of the process to ensure that we can meet them within the specified timelines.

6. Suppliers and Other parties
Like all businesses, we sometimes rely on other suppliers to help us deliver the most compelling products and solutions to you. In context of the relationship and the processing, we execute appropriate contractual obligations for the purposes of protecting personal data throughout its lifecycle. For instance, if a supplier is processing personal data on our behalf, we require a data processing addendum with specific handling and notification requirements.

7. Controller/Business and Processor/Service Provider Classifications
For the solutions we provide you, if we do collect or otherwise process personal data, it is normally limited to minimal personal business contact information and login credentials. We process the business contact information for the purposes of managing the contractual relationship, communicating with you about the contract, billing, and related administrative purposes. With regards to login credentials, passwords are often hashed and a user can use any name or email address they choose. If you choose to use a Single Sign On support, we do not store passwords.

Where we do process login credentials, we do so for the purpose of enhancing the security of our hosted systems. Since we are determining the means and purposes of the processing of such limited personal data as described iherein, we are, in nearly all cases, an independent data controller.

8. Technical and Operational Measures 
Our unwavering commitment to security solutions is not just a policy but is the very heart of who we are and what we do at Black Duck. We employ a wide range of robust technical and organizational measures designed to protect the confidentiality and integrity of data across all stages of the data lifecycle incorporating security at the very conception through storage and deletion. For each situation, we meticulously and expertly consider the appropriation incorporation of robust frameworks, measures, and standards including NIST, ISO, SAE, Encryption, Role Based Access Controls, SDLC methodologies, and more. Our efforts are tailored not just to meet the GDPR, CCPA, PIPL, HIPAA, NYC and other regulations that apply to data processing, but to consider evolving threats and changes in the environment.

9. Data Incidents
Having an incident response plan to mitigate any security incident is an important part of any data protection plan. Black Duck has a company-wide incident response plan designed to allow us to quickly take the steps needed to minimize harm and secure customer data in the case of an incident. This plan includes notifying affected data subjects promptly after becoming aware of an incident involving a data breach.

10. Privacy Office
Our commitment to privacy includes a dedicated privacy office to answer your questions or discuss your concerns. We aim to provide you peace of mind. Please feel free to contact us at [email protected]. 

Last updated on October 28, 2024.