Open source becomes more critical to the growth and success of global enterprises every day. Black Duck Software helps organizations get the most from open source, with solutions that preempt open source cyber attacks, ensure license compliance, and maximize developer productivity. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing.

For Customers

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Mitigate security and compliance risks and automatically enforce open source policies using your existing development tools and processes.

For the Open Source Community

Black Duck community resources connect organizations to the world of open source, while helping open source developers connect with each other to find, utilize and contribute open source code.

  • The Black Duck Open Hub, the most comprehensive public directory of open source software, offers developers an in-depth look into individual open source projects for evaluating, tracking, and comparing over 550,000 projects. The Open Hub's project data is freely licensed under Creative Commons, enabling further analysis and tracking.
  • The Black Duck blog is a preeminent destination for open source industry experts to share news, trends and opinions about the adoption and enablement of open source.
  • Open Source Rookies of the Year is a Black Duck program recognizing the top open source projects initiated each year.
  • The Future of Open Source Survey is an annual gauge of key trends and the issues facing organizations in the open source community.


Black Duck Hub: Black Duck Hub helps security and development teams identify and mitigate open source related risks across an application portfolio. Black Duck Hub continuously scans your projects for newly introduced open source, and helps you manage security vulnerabilities before they become problems. Updated regularly from the National Vulnerability Database (NVD) and using Black Duck’s exclusive Enhanced Vulnerability Detection capabilities to deliver more comprehensive and timely information, the Black Duck Hub KnowledgeBase™ maps open source libraries with critical metadata on vulnerabilities, licensing, community activity, and versions.

Black Duck Protex™: The industry’s leading solution for managing open source license compliance. Protex integrates with existing development tools to automatically scan, identify, and inventory open source software, allowing you to understand license obligations, conflicts and risks. This enables you to mitigate these risks by enforcing license compliance and corporate policy requirements.


GSA Schedule Contracts

GSA Schedule 70

GSA Schedule No. GS-35F-0119Y Term: December 20, 2011 - December 19, 2021

SEWP Contracts


Contract Number: Group A Small: NNG15SC03B; Group D Other Than Small: NNG15SC27B. Term: May 1, 2015 - April 30, 2020

State & Local Contracts

City of Seattle Contract

Contract #0000003265 Term: December 19, 2021


Contract # CMAS 3-12-70-2247E Term: through March 31, 2022

eVA- Virginia's Total e-Procurement Solution

Vendor ID #: E51768

Fairfax County IT Hardware, Software, & Services

Virginia- Fairfax County CONTRACT EXPIRATION: October 4, 2020 (with 5 option years)

Ohio State Contract- 534354

Contract # 534354 Term: December 19, 2021

Orange County National IPA Co-Op

Through May 31, 2020 (with 2 option years)


Contract Number: UVA1482501 Term: May 2, 2014 – December 19, 2021

VITA Contract

Term: through March 31, 2019


Archived Events



With over a decade of expertise, Black Duck customer ClickFox transforms big data into connected, dynamic journeys to deliver billions in incremental revenue, operational efficiencies, and customer satisfaction improvements to its clients. ClickFox’s Fortune 500 customers include some of the world...

Docker containers are revolutionizing application packaging and distribution. They’re lightweight and easy to build, deploy, and manage. But what about security? Your containers include more than the applications your team builds. They also bundle all the third-party software and Linux modules tho...

According to SAP, more than 80 percent of all cyberattacks are happening on the application layer, specifically targeting software applications rather than the network. Hackers take the easiest path when determining exploits and choose applications that offer the best attack surface opportunities. ...

Entersekt products secure millions of transactions each day by allowing financial institutions to communicate interactively with their customers through mobile devices. For its banking and other financial services customers, the security of the Entersekt product is of cardinal importance – as it i...

The Black Duck® KnowledgeBase™ is the industry’s most comprehensive database of open source software and associated license and other information. It contains open source code from thousands of internet sites, from general-purpose repositories (e.g., github.com, SourceForge.net, Savannah.gnu.org...

Founded in 2003, ScienceLogic simplifies data center, cloud, system, and network monitoring with their all-in-one IT operations. Over 25,000 global service providers, enterprises, and government organizations rely on ScienceLogic every day to enhance their IT operations. With ScienceLogic’s platfo...

Today, 85% of security attacks target software applications, according to SAP. Not surprisingly, there is an array of application security tools on the market to help companies address security risks, and they vary in both approach and coverage.

As Android continues to play a key role in the mobile world and beyond, organizations are realizing that they need to have a deeper understanding about what goes on inside Android. While Android is feature rich and free in terms of acquisition cost, it’s not a “free lunch.” Made of a comple...

Over the past decade, a powerful new approach to development – open source software (OSS) – has risen to prominence, dramatically increasing the opportunity to reuse existing software. As with commercial components, the ownership of externally developed open source components and fragments...