STMicroelectronics Integrates Black Duck SCA and Coverity for Automated SBOM Generation and Enhanced Software Security
BURLINGTON, Mass., March 6, 2025 /PRNewswire/ — Black Duck® Software, Inc. (“Black Duck”), a leading provider of application security solutions, today announced that STMicroelectronics (NYSE:STM), a global semiconductor leader serving customers across the spectrum of electronics applications, has successfully implemented Black Duck Software Composition Analysis (SCA) to streamline software bill of materials (SBOM) generation and strengthen its software security practices. STMicroelectronics has also adopted Coverity Static Analysis to proactively identify and remediate security vulnerabilities in software components, further strengthening the security posture of the embedded software in its microcontroller products.
STMicroelectronics has leveraged Black Duck SCA to automate end-to-end SBOM generation, reinforcing software security for its latest ultra-low power product, the STM32U3 microcontroller.
With the enactment of the European Cyber Resilience Act (CRA), organizations are increasingly required to produce SBOMs and disclose vulnerabilities to improve software transparency and security. Black Duck offers a comprehensive portfolio of application security solutions, including Black Duck SCA for open source risk management and Coverity Static Analysis for finding code quality defects, helping companies address evolving regulatory requirements and integrate security into their DevSecOps workflows.
Jacques Fournier, Director, Security Platform at STMicroelectronics, said:
“A software-secure development lifecycle has always been a top priority for ST. Thanks to collaboration with a market leader such as Black Duck, we are reinforcing and optimizing our capacity to automatically generate SBOMs in a standardized, machine-readable format. Integrating new capabilities into our software development toolbox enables us to seamlessly create comprehensive SBOMs, while, by supporting monitoring processes, we can streamline our support to our customers for secure-by-design solutions and comply with new regulations like the EU Cyber Resilience Act.”
Black Duck is a seven-time Leader in the Gartner® Magic Quadrant™ for Application Security Testing, a four-time Leader in the Forrester Wave™ for Software Composition Analysis, and a three-time Leader in the Forrester Wave™ for Static Application Security Testing.
Jason Schmitt, CEO of Black Duck, said:
“STMicroelectronics sets an excellent example for how to integrate Black Duck SCA and Coverity seamlessly into their process for CRA compliance. This use case not only automates SBOM generation but also significantly enhances their ability to produce secure, compliant, high-quality products. At Black Duck, we are committed to helping organizations like STMicroelectronics build trust in their software by managing application risks at the speed their business demands.”
As a trusted leader in application security testing, Black Duck enables companies to manage open-source risks, detect security vulnerabilities in proprietary code, and align with regulatory expectations such as those outlined in the CRA. With this collaboration, STMicroelectronics is further enhancing its cybersecurity strategy in the microcontroller industry.
To learn more about how STMicroelectronics is using Black Duck solutions to secure the new STM32U3 microcontroller and their other products, visit them in Hall 4A, #148 at embedded world 2025 from 11-13 March.