🎯 Black Duck won an award for being the best tool to keep software supply chains safe. They also hired a new security chief, Dom Glavach, who will help make sure their security measures are strong, especially with all the new risks from software and AI.
What Happened
In a significant recognition of excellence, Black Duck was awarded the title of Best Supply Chain Security Solution at the 2026 SC Awards. This accolade comes at a time when supply chain attacks are becoming increasingly sophisticated, underscoring the need for robust security measures. As organizations rely on a multitude of open-source and third-party components, having complete visibility into these dependencies is essential to prevent major incidents like SolarWinds or MOVEit.
In addition to this recognition, Black Duck has appointed Dom Glavach as its new Chief Information Security Officer (CISO). Glavach brings over two decades of experience in enterprise security, national defense, and SaaS environments. His appointment reflects the growing importance of application and supply chain security as a board-level concern, especially in light of recent supply chain breaches affecting developer tools and AI-driven systems.
Black Duck's Software Composition Analysis (SCA) tool provides deep insights into every software dependency, including binaries and containers. This capability is crucial for identifying vulnerabilities, transitive risks, and malicious packages, which have emerged as significant attack vectors in recent years. The award reflects the platform's effectiveness in managing the complexities of modern software development.
Who's Affected
Black Duck's solution is utilized by thousands of organizations worldwide, ranging from large enterprises to startups. Its customer base spans various sectors, including financial services, healthcare, manufacturing, and software/IT services. As regulations tighten globally, the need for tools like Black Duck becomes even more pressing. The platform's ability to provide continuous vulnerability monitoring and ensure compliance with Software Bills of Materials (SBOM) requirements is particularly valuable. This makes it an essential tool for any organization looking to enhance its supply chain security posture.
What Data Was Exposed
The announcement does not describe any data breach or leak; it emphasizes the importance of managing software dependencies and vulnerabilities. As software supply chains grow more complex, the risk of exposing sensitive data through vulnerabilities increases. Black Duck's advanced analysis capabilities help organizations mitigate these risks by ensuring that all components are secure and compliant with licensing requirements.
Moreover, with the rising use of AI-generated code, Black Duck's snippet analysis feature plays a vital role in identifying potential license conflicts and ensuring that organizations do not inadvertently use copyrighted or restricted code.
New Leadership and Security Focus
Dom Glavach's role as CISO will involve overseeing Black Duck's global security strategy, which includes enterprise security, governance, risk and compliance, and product security. His extensive background in leading security programs in high-stakes environments positions him well to tackle the challenges posed by open source software and fragile software supply chains. Glavach's appointment signals Black Duck's commitment to scaling securely while advancing industry standards in application and supply chain security.
What You Should Do
Organizations should consider adopting Black Duck's SCA tool to enhance their supply chain security. By leveraging its capabilities, teams can gain better visibility into their software dependencies and proactively manage vulnerabilities. This is especially important in light of increasing regulatory requirements for software supply chain transparency.
Additionally, companies should stay informed about the evolving landscape of supply chain security and regularly assess their security measures. Implementing a robust governance framework for vulnerability and license management within CI/CD pipelines can significantly reduce the risk of future attacks. As the cybersecurity landscape continues to change, tools like Black Duck will be critical in helping organizations navigate these challenges effectively.
The appointment of Dom Glavach as CISO underscores the increasing recognition of application and supply chain security as critical issues that require executive-level attention. His extensive background in security will be pivotal in navigating the complexities of modern software development and security challenges.





