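For the past 15 years, Black Duck audits have been the industry's most trusted solution for open source M&A due diligence and internal compliance. When speed and accuracy are critical, high-tech companies and startups, PE firms, and legal counsel choose Black Duck for open source, security, quality, and compliance audit services.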

What you don't know can hurt you

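In merger and acquisition (M&A) transactions, what's in the code matters. Undetected open source in an application can lead to costly license violations. These factors, together with security vulnerabilities in proprietary, open source, and other third-party software, can have a significant negative impact on the value of your software assets.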

Fast results. Thorough analysis. Peace of mind.

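Whether you are acquiring or being acquired, you need an audit partner who can deliver fast, trusted, and comprehensive software audits to mitigate these risks.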

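Black Duck software audits provide the information your company needs to quickly assess a wide range of software risks, in your acquisition target's software or in your own. Get a complete picture of open source license obligations, application security, and code quality risks so you can make confident decisions.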

Free audit consultation

Call the audit hotline
+1 781.425.4444
or fill out the form below and our audit experts will contact you.


License Compliance Audits

Open Source and Third-Party Code Audit

Open Source and Third-Party Code Audits draw on the Black Duck KnowledgeBase™ to provide you with a complete open source bill of materials (BoM) for the target codebase, showing all open source components and associated license obligations and conflict analysis.

Open Source Risk Assessment

The OSRA builds on the Open Source and Third-Party Code Audit to provide a detailed view of open source risks in the codebase, including known security vulnerabilities and maintenance risks. It relies on Black Duck Enhanced Vulnerability data not available in the National Vulnerability Database (NVD), and can serve as a high-level action plan to prioritize research and potential remediation actions.

Web Services and API Risk Audit

The WSRA gives you a listing of the external web services used by an application, with insight into potential legal and data privacy risks. The summary report allows you to quickly evaluate web services risks across three key categories: governance, data privacy, and quality.


Open Source Risk Assessment

Penetration Test Audits

Penetration Test (ethical hacking) Audits assess the security robustness of a software asset through an examination of the application in its full running state. They include exploratory risk analysis to bypass security controls (such as WAF and input validation) as well as attempts to abuse business logic and user authorization to demonstrate how hackers might gain access and cause damage.

Static Application Security Test Audits

SAST Audits combine automated tool-based scans with a source code review to systematically find critical software security vulnerabilities such as SQL injection, cross-site scripting, buffer overflows, and the rest of the OWASP Top 10.

Security Controls Design Analysis

SCDA evaluates the design of key security controls (including password storage, identity and access management, and use of cryptography) against industry best practices to determine whether any are misconfigured, weak, misused, or missing. SCDA finds system defects related to security controls in the design of the application; no testing or analysis of the application or code is performed.


Code Quality Audits

Code Quality Audit

Code Quality Audits combine static analysis tools and manual code review to analyze code quality. Results are compared to industry benchmarks to assess quality, reusability, extensibility, and maintainability in proprietary code. Experts interpret the results and provide recommendations for addressing shortfalls in code quality.

Software Development Audit

Software Development Audits offer a complete analysis of the processes and practices that compose the software development life cycle (SDLC). Experts conduct in-depth interviews with a small number of key personnel to gain insight into the quality and maturity of development practices, including coding standards, processes, and tools. From this, they provide recommendations for improving code quality while reducing development and maintenance costs.

Design Quality Audit

Design Quality Audits use experienced architects and powerful architectural analysis tools, powered by Silverthread, to assess overall architecture in terms of modularity and hierarchy, thus rounding out a complete picture of the health of the software. The report includes analysis of how the architecture impacts maintainability and identifies potential risk areas that are candidates for code refactoring.

Encryption Audit

Encryption Audits identify the encryption functions in proprietary, open source, and other third-party software components so you can disclose the proper information to government regulators to assure compliance with export regulations and avoid export restriction. These audits also enable you to ensure that the encryption code in the product meets your corporate security requirements.

Learn more about Black Duck audits

Video

PointClickCare

Find out how PointClickCare uses Black Duck On-Demand by Synopsys to make sure their patient data stays secure.

Watch the testimonial

Video

Managing the Threat in Mergers & Acquisitions

The prevalence of open source in applications today poses risks in the realm of M&A.