One of the relatively newer teams within Black Duck is the Cybersecurity Research Center (CyRC), established in 2019.
And one of the major players on that team is Jonathan Knudsen, head of global research at CyRC.
In this episode of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Knudsen talks with Taylor Armerding, security advocate at Black Duck, about CyRC’s major annual reports, including the “Open Source Software and Risk Analysis” (OSSRA) report, which uses anonymized data from M&A audits to develop a profile of how much open source is in the software ecosystem, how organizations are using it, and whether they’re keeping it up to date.
CyRC researchers also contribute to the quality of open source by providing a coordinated, responsible disclosure process when Black Duck researchers discover undisclosed defects in the software of other organizations.
As Knudsen puts it, it’s a win, win, win—it helps improve the quality of open source, and it’s a win for both the company and the researcher who discovered it.