In response to the growing number of cybersecurity crises, the White House issued an executive order requiring all software sold to the federal government to provide a "Software Bill of Materials" (SBOM)
- Like the ingredient list on a food label, this SBOM lists the software's components, internal modules, and complete supply chain
- Software Package Data Exchange (SPDX) has become an international standard (ISO/IEC 5962:2021)
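An added example (not from this page or from any SBOM vendor) of what the "ingredient list" looks like in practice: a constructed SPDX 2.3 JSON document is parsed, the supply chain is walked from the package the document DESCRIBES through its DEPENDS_ON relationships, and gaps that hinder vulnerability matching (unknown supplier, no package URL) are reported. The document content and package names are invented for illustration.

```python
import json
from collections import deque

# Constructed SPDX 2.3 document: one application, two reachable dependencies,
# and one package that nothing depends on (so it is not in the supply chain).
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app-sbom",
    "packages": [
        {"name": "example-app", "SPDXID": "SPDXRef-app", "versionInfo": "1.0.0",
         "supplier": "Organization: Example Corp", "downloadLocation": "NOASSERTION"},
        {"name": "libfoo", "SPDXID": "SPDXRef-libfoo", "versionInfo": "2.4.1",
         "supplier": "Organization: Foo Project", "downloadLocation": "NOASSERTION",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/libfoo@2.4.1"}]},
        {"name": "libbar", "SPDXID": "SPDXRef-libbar", "versionInfo": "0.9",
         "supplier": "NOASSERTION", "downloadLocation": "NOASSERTION"},
        {"name": "unused-tool", "SPDXID": "SPDXRef-unused", "versionInfo": "3.0",
         "supplier": "Organization: X", "downloadLocation": "NOASSERTION"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libfoo"},
        {"spdxElementId": "SPDXRef-libfoo", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libbar"},
    ],
})


def supply_chain(spdx_json):
    """Return (names of packages reachable from the described root, list of gap messages)."""
    doc = json.loads(spdx_json)
    pkgs = {p["SPDXID"]: p for p in doc.get("packages", [])}
    deps, roots = {}, []
    for r in doc.get("relationships", []):
        if r["relationshipType"] == "DESCRIBES":
            roots.append(r["relatedSpdxElement"])
        elif r["relationshipType"] == "DEPENDS_ON":
            deps.setdefault(r["spdxElementId"], []).append(r["relatedSpdxElement"])
    seen, queue = set(), deque(roots)          # breadth-first walk of the dependency graph
    while queue:
        pid = queue.popleft()
        if pid not in seen:
            seen.add(pid)
            queue.extend(deps.get(pid, []))
    gaps = []
    for pid in sorted(seen):
        p = pkgs[pid]
        has_purl = any(ref.get("referenceType") == "purl" for ref in p.get("externalRefs", []))
        if p.get("supplier", "NOASSERTION") == "NOASSERTION":
            gaps.append(f"{p['name']}: supplier unknown")
        if not has_purl:
            gaps.append(f"{p['name']}: no purl, vulnerability matching will be weak")
    return {pkgs[pid]["name"] for pid in seen}, gaps
```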
Black Duck Strength

Black Duck differs from other SCA tools in five key areas.

| Area | Black Duck | Others |
|---|---|---|
| Position | Global leaders quadrant | Startup / regional supplier |
| Vulnerability Intelligence | BDSA, quick updates | Dependent on NVD, delayed |
| Detection Technology | Accurate snippet scanning | Component matching, high false-alarm rate |
| Integration | Full DevSecOps | API-based, low integration |
| Compliance Support | Built-in ISO/PCI | Must be organized by the user |