Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, and Black Duck Software, a global leader in automated solutions for securing and managing open source software, today announced a collaboration to establish a secure and trusted model for containerized application delivery by providing verification that application containers are free from known vulnerabilities and include only certified content. This validation is a major step forward in enabling enterprise-ready application containers, and builds upon the strengths of each company – Red Hat’s leadership in container technologies and solutions, including its platform and certification strategy, and Black Duck’s unique position as the provider of the most comprehensive identification and earliest notification technologies of open source vulnerabilities.
Red Hat and Black Duck are extending the value of Red Hat’s platform and certification process to the broader developer community and our customers in addition to our robust partner ecosystem.
Because containers enable consistent operating environments for development, testing, and deployment, they are quickly becoming a mainstream technology. Container security, however, – including provenance, certification, policy and trust – has emerged as a challenge for enterprise adoption. A recent survey of global IT professionals commissioned by Red Hat through TechValidate showed that more than 60 percent of respondents identified container security, certification, and image provenance as key issues.
Underscoring these concerns is the fact that more than 30 percent of official images in the Docker Hub contain high priority security vulnerabilities, according to a May 2015 study by BanyanOps. Thus, enterprise-level Deep Container Inspection (DCI), combined with certification, policy and trust, will be integral to the development, deployment, and management of containers – which is exactly what the collaboration between Black Duck and Red Hat is aimed at providing.
As an initial part of the collaboration, the companies plan to integrate Black Duck’s container scanning and open source security vulnerability-mapping software - Black Duck Hub - with OpenShift, Red Hat’s Platform-as-a-Service (PaaS) offering, providing reports and data on potential vulnerabilities present in container images made available in the OpenShift registry, a Red Hat-backed repository of validated, secure and trusted container images. Black Duck’s KnowledgeBase provides the backbone for the Hub, and includes information on 1.1 million open source projects, with detailed data on more than 100,000 known open source vulnerabilities across more than 350 billion lines of code.
Black Duck Hub identifies and inventories the open source code in an application, maps any known open source security vulnerabilities and dynamically monitors the inventory, providing alerts on any new vulnerabilities affecting the code.
OpenShift is the first enterprise-ready, web-scale container application platform based on Docker-formatted Linux containers, Kubernetes orchestration, and Red Hat Enterprise Linux. When used with the Black Duck Hub, OpenShift customers can consume, develop and run containerized applications with increased confidence and security, knowing that these applications contain code that has been validated/certified.
In addition, the companies plan to include Black Duck technologies as a set of complementary services within Red Hat’s current container certification workflow for application builders such as Independent Software Vendors (ISVs). Red Hat previously announced an end-to-end certified container ecosystem strategy focused on enterprise readiness and support, similar to the work the company achieved with Linux in the enterprise. Black Duck’s scanning and vulnerability-mapping technology, reporting and KnowledgeBase integration will add to an already robust container certification process.
Lou Shipley, CEO, Black Duck
“Container technology is another breakthrough in the constant drive to increase development agility and get products to market more quickly. Speed and agility are key drivers for container adoption in the enterprise, but not at the expense of security. The Black Duck-Red Hat collaboration is rooted in the collective value that we deliver from an open source perspective, by helping to make containers safe for enterprise use.”
Lars Herrmann, General Manager, Integrated Solutions, Red Hat
“A significant part of an enterprise-ready container strategy is the ability to trust the code across the entire lifecycle of a containerized application, from development to management. Red Hat and Black Duck are extending the value of Red Hat’s platform and certification process to the broader developer community and our customers in addition to our robust partner ecosystem. This collaboration demonstrates Red Hat’s continued commitment to delivering not only Linux container-based innovation, but also the tools and ecosystem to help enterprises adopt containerized applications that are secure, certified and supported.”
Connect with Red Hat
Learn more aboutRed Hat
Get more news in the Red Hat newsroom
Read the Red Hat blog
FollowRed Hat on Twitter
FollowRed Hat on LinkedIn
Connect with Black Duck Software
About Black Duck Software
Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in Mountain View, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.
- About Red Hat
Red Hat is the world’s leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.
- Forward-Looking Statements
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the effects of industry consolidation; the integration of acquisitions and the ability to market successfully acquired technologies and products; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company's growth and international operations; fluctuations in exchange rates; and changes in and a dependence on key personnel, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.