Cigital (now Synopsys)
Software Security by Design
IvaraX Analysis
Black Duck provides enterprise-grade application security program strategy and planning services, anchored by the industry-recognized BSIMM assessment framework. The company combines deep consulting expertise with comprehensive benchmarking data to help organizations understand their security maturity and develop actionable improvement roadmaps.
Key Strengths
- +Proprietary BSIMM methodology recognized as an industry standard for AppSec maturity assessment
- +Extensive benchmarking database enabling meaningful peer comparisons across industries
- +Comprehensive service offerings from initial assessment through implementation and ongoing support
- +Strong integration between consulting services and technical security testing tools
- +Proven track record with recognition as a Leader in application security for eight consecutive years
Ideal For
- →Enterprise organizations seeking to benchmark and improve their application security programs
- →Companies undergoing digital transformation requiring comprehensive security program development
- →Organizations in regulated industries needing compliance-focused security strategies
- →Businesses looking to integrate security into DevSecOps and CI/CD pipelines
Things to Consider
- !Services appear oriented toward enterprise-scale organizations, which may be less suitable for smaller companies with limited security budgets
- !Full value realization may require adoption of multiple Black Duck products and services
- !Organizations should assess whether they have internal resources to execute on recommended action plans
About Cigital (now Synopsys)
Black Duck (formerly Cigital, now part of Synopsys) is a leading provider of application security program strategy and planning services. The company specializes in helping organizations assess, benchmark, and improve their software security initiatives through comprehensive assessment methodologies, most notably the Building Security In Maturity Model (BSIMM). With over a decade of experience in application security maturity assessments, Black Duck has established itself as a trusted partner for organizations seeking to understand and enhance their security posture relative to industry peers. The company offers a robust portfolio of services including BSIMM assessments, Maturity Action Plans (MAPs), and strategic consulting to help organizations build world-class application security programs. Their approach combines benchmarking data from hundreds of participating organizations with actionable guidance for security program design, implementation, and continuous improvement. Black Duck's services address modern security challenges including DevSecOps integration, cloud security, software supply chain security, and EU Cyber Resilience Act compliance. As part of the broader Black Duck platform, the company provides an integrated suite of application security testing tools alongside its consulting services, enabling organizations to implement comprehensive security programs that scale with their needs. Their expertise spans multiple industries including automotive, financial services, healthcare, IoT, and public sector organizations.
Why Choose Cigital (now Synopsys)
- Industry-leading BSIMM assessment methodology with benchmarking data spanning 200+ metrics across 4 domains and 12 practices
- Over a decade of experience helping organizations build and mature application security programs
- Actionable Maturity Action Plans (MAPs) that provide step-by-step guidance for security program improvement
- Comprehensive peer benchmarking capabilities allowing organizations to compare their security posture against industry peers
- Integration with a full suite of application security testing tools for end-to-end program implementation
Services
Application Security Program Strategy & PlanningBSIMM AssessmentMaturity Action Plan (MAP)Open Source & Security AuditsImplementation & DeploymentCustomer Success & SupportStatic Analysis (SAST)Software Composition Analysis (SCA)Dynamic Analysis (DAST)Interactive Analysis (IAST)Fuzz TestingApplication Security Posture Management (ASPM)
Technologies
Polaris PlatformSignal AI AppSecCoverity StaticBlack Duck SCASeeker InteractiveDefensics Protocol FuzzingSoftware Risk Manager ASPM
Tech Stack(detected from website)
SaaS Platform (Polaris Platform)Static Analysis (SAST)Software Composition Analysis (SCA)Dynamic Analysis (DAST)Interactive Analysis (IAST)Application Security Posture Management (ASPM)Protocol Fuzzing (Defensics)AI-powered security (Signal AI)
Categories
Company Info
- Headquarters
- Burlington, MA, US
