BURLINGTON, Mass., March 6, 2025 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck"), a leading provider of application security solutions, today announced that STMicroelectronics (NYSE:STM), a global semiconductor leader serving customers across the spectrum of electronics applications, has successfully implemented Black Duck Software Composition Analysis (SCA) to streamline software bill of materials (SBOM) generation and strengthen its software security practices. STMicroelectronics has also adopted Coverity Static Analysis to proactively identify and remediate security vulnerabilities in software components, further strengthening the security posture of embedded software in its microcontroller products.
STMicroelectronics has leveraged Black Duck SCA to automate end-to-end SBOM generation, reinforcing software security for its latest ultra-low power product, the STM32U3 microcontroller.
With the enactment of the European Cyber Resilience Act (CRA), organizations are increasingly required to produce SBOMs and disclose vulnerabilities to improve software transparency and security. Black Duck offers a comprehensive portfolio of application security solutions, including Black Duck SCA for open source risk management and Coverity Static Analysis for finding code quality defects, helping companies address evolving regulatory requirements and integrate security into their DevSecOps workflows.
"Software-secure development lifecycle has always been a top priority for ST. Thanks to collaboration with a market leader such as Black Duck, we are reinforcing and optimizing our capacity to automatically generate SBOMs in a standardized, machine-readable format," said Jacques Fournier, Director, Security Platform at STMicroelectronics. "Integrating new capabilities into our software development toolbox enables us to create seamlessly comprehensive SBOMs, while by supporting monitoring processes, we can streamline our support to our customers for secure-by-design solutions and comply with new regulations like the EU Cyber Resilience Act."
Black Duck is a seven-time Leader in the Gartner® Magic Quadrant™ for Application Security Testing, a four-time Leader in the Forrester Wave™ for Software Composition Analysis, and a three-time Leader in the Forrester Wave™ for Static Application Security Testing.
"STMicroelectronics sets an excellent example for how to integrate Black Duck SCA and Coverity seamlessly into their process for CRA compliance," said Jason Schmitt, CEO of Black Duck. "This use case not only automates SBOM generation but also significantly enhances their ability to produce secure, compliant, high-quality products. At Black Duck, we are committed to helping organizations like STMicroelectronics build trust in their software by managing application risks at the speed their business demands."