UltraViolet Cyber Acquires Application Security Testing Service from Black Duck
UltraViolet Cyber has acquired the application security testing services arm of Black Duck Software as part of an effort to expand the scope of the managed security services it provides.
Company CEO Ira Goldstein said this addition to its portfolio will provide penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk analysis, and secure software development consulting.
Demand for those services will continue to increase exponentially as the amount of flawed code created using artificial intelligence (AI) tools does the same, he added.
Black Duck Software, formerly known as Synopsys Software Integrity Group, was spun out of Synopsys last year after being initially acquired in 2017. Since then, Black Duck Software has been extending the reach of its software code analysis tools by, for example, infusing them with AI capabilities. As a result of acquiring the service arm of Black Duck Software, UltraViolet Cyber is now making those tools available within the context of a larger service portfolio.
Those services are being added at a time when many organizations, in an effort to strengthen cybersecurity, are moving away from segregated offensive (red) and defensive (blue) teams toward an approach in which members of these teams work more collaboratively, also known as purple teams, noted Goldstein. That strategy typically results in a better understanding of how complex the overall IT environment actually is, he added.
It’s not clear to what degree organizations are relying more on service providers to test application security, but in general there is a greater appreciation for the need as cybercriminals become better able to exploit vulnerabilities in software. The one thing that is certain is that organizations continue to find it difficult to hire and retain cybersecurity staff, which in turn drives them to rely more on services.
Overall, the Futurum Group is projecting that the cybersecurity market will grow at a compound annual growth rate (CAGR) of 11.6% from 2024 to 2029 to reach $287.6 billion in revenue as investments are spread across multiple classes of technologies and solutions. Specifically, application security is forecast to grow from $8.6 billion in 2024 to $16.68 billion by 2029, representing a 14.2% CAGR, while data security is expected to grow from $23.5 billion in 2024 to $42.85 billion by 2029, representing a CAGR of 12.8%.
Unfortunately, it’s not always clear who within an organization is responsible for application security. In some organizations it’s the cybersecurity team, while in others it might be the application development team. Regardless of who is responsible for securing applications, the volume of code that needs to be tested for vulnerabilities is only going to increase in an era where adversaries will increasingly be using AI to discover more of them faster.
Of course, the easiest vulnerability to fix is the one that never makes it into a production environment in the first place. The issue then becomes making sure that the application security tests that discover those vulnerabilities are run as often and consistently as possible.

