Black Duck Software uses AI to speed up sending security advisories to customers. By using AI, the company says it can send about five times as many notifications per month. This article is part of the “CXO AI Playbook” – candid stories from business leaders about how they’re testing and using AI.
In the CXO AI Playbook, Business Insider features mini-case studies of AI adoption across industries, company sizes, and technology DNAs. We asked each of our featured companies to tell us about the problems they are solving with AI, who makes these decisions within their companies, and their vision for the future of using AI.
Black Duck Software (formerly Synopsys Software Integrity Group) provides security products and services, including security testing, auditing, and risk assessment, to help enterprises protect their software. Black Duck is headquartered in Burlington, Massachusetts and has approximately 2,000 employees.
Situation analysis: What problem was the company trying to solve?
Beth Linker, senior director of product management for AI and static application security testing at Black Duck, said the company has been using artificial intelligence internally for several years, but only recently started developing the technology for customers.
The company sends Black Duck Security Advisories (BDSA) to notify users that their software is at risk and could be exploited. Linker said Black Duck started using generative AI to send BDSAs faster this spring so customers can act quickly to address issues.
Beth Linker is Senior Director of Product Management for AI and Static Application Security Testing at Black Duck. Provided by Black Duck
The need for faster BDSAs arose after the National Vulnerability Database, a government cybersecurity resource that publishes information on security threats, began publishing fewer vulnerability reports due to a backlog. At the same time, the Linux kernel, the core of the open source Linux operating system, started reporting more risks, and the number of disclosed vulnerabilities increased significantly, Linker said.
“The net effect was that suddenly there were far more vulnerabilities and less support from the National Vulnerability Database,” Linker said. “This made things even more difficult for our customers because they didn’t have all the information they were previously receiving.”
Key staff and partners
Linker said Black Duck’s engineering and research teams are involved in integrating generative AI with BDSA. The system also uses several commercially available large language models.
AI in action
Linker said generative AI’s acceleration of BDSA delivery is an opportunity to provide customers with “timely and comprehensive data feeds for decision-making.”
To speed up BDSA production, Black Duck developed prompts for the commercial LLM that query the company’s internal vulnerability data. The output is used to draft the advisory report, a step that was previously done manually.
Researchers review each AI-generated report before sending it to customers. “Illusions are a risk, and everything we put in front of our customers has to meet certain quality standards,” Linker said.
Once the BDSA is created, the research team reviews the report and provides analysis and context regarding the severity of the identified vulnerabilities. This helps customers make decisions about risk. Some vulnerabilities may require immediate attention, while others are less serious and may be fixed during a planned software update.
Did it work and how did the leaders know?
According to Linker, more than 5,200 BDSAs were created using AI from March to October, and the company is now able to send approximately five times as many notifications each month as it could before deploying the technology.
“We were able to really scale this up to meet our needs,” Linker said.
What’s next?
Black Duck recently announced Polaris Assist, an AI-powered security assistant. This new addition to the platform is intended to let the company’s customers’ security and development teams work more efficiently. The LLM-based assistant combines with the company’s existing application security tools to provide automatic summaries of detected vulnerabilities and suggestions on how to fix the affected code.
“It’s still a work in progress,” Linker said. Polaris Assist is currently in beta testing, which is expected to end by the end of the year.
Linker added that Black Duck continues to invest in AI to serve its customers. “A lot of this will be about how we can make application security testing and remediation easier, faster, and more scalable,” Linker said.