UltraViolet Cyber Acquires Black Duck’s Application Security Testing Services

UltraViolet Cyber announced it has acquired Black Duck’s Application Security Testing (AST) services business, expanding its offensive and defensive cybersecurity operations with a wider portfolio of testing and assessment offerings.

The acquisition brings penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk analysis and secure software development consulting under UltraViolet’s umbrella.

These capabilities are said to enhance the company’s ability to help enterprises and federal agencies detect risks earlier in the development lifecycle, particularly as organizations face challenges from AI-generated code, open-source dependencies and multi-cloud environments.

Priorities for CISOs and security executives

Ira Goldstein, CEO of UltraViolet Cyber, told SecurityInfoWatch that CISOs should focus on integrating security from the outset and maintaining it continuously throughout the software development lifecycle.

“With the acquisition, our expanded capabilities help our customers address risks from AI-generated code, open-source dependencies and multi-cloud deployment, enabling faster, more resilient delivery,” he said. “Our experience is that many security defects found in software are architecture related security flaws. The best way to detect these is via Threat Modeling which can be done even before coding begins. Once a resilient architecture is in place, continuous threat exposure management will validate whether code changes trigger new risks.”

AI-generated code tops near-term risks

Goldstein identified AI-generated code as the greatest immediate risk for business leaders. “The rapid proliferation and limited guardrails create exposure that organizations must address,” he explained.

While he acknowledged that over time AI-generated code may become more resilient, he noted there will always be a role for both automated and human-driven testing.

Goldstein described open-source reliance as a medium-term challenge, given the limitations of current supply-chain security tools.

“Put simply, the more open-source libraries that make up your production application, the less control you have over the quality and lifespan of those components,” he said.

Unifying offensive and defensive security

UltraViolet’s strategy also emphasizes unifying offensive and defensive approaches.

“Most organizations build a wall between offensive and defensive security,” Goldstein said. “We see the world differently, and our customers agree — the most effective way to build defense in depth is to build a concentric process between continuous assessment and consistent defenses.”

In the announcement, Jason Schmitt, CEO of Black Duck, said the acquisition ensures that customers will continue to receive industry-leading testing services while benefiting from greater scale and scope as part of UltraViolet’s platform. Black Duck will continue its core software and SaaS business while maintaining professional and managed services through its new partnership with UltraViolet.

Aanand Radia of Achieve Partners, the equity sponsor in the deal, stated the acquisition ensures UltraViolet remains at the forefront of unifying offensive and defensive operations to help organizations keep pace with adversaries.

UltraViolet’s expansion follows its recent recognition on the Inc. 5000 list of fastest-growing private companies.