Collaboration to help developers, customers and partners build and
run trusted, secure applications with Red Hat container technologies
RALEIGH, N.C. & BURLINGTON, Mass.--(BUSINESS WIRE)--
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source
solutions, and Black Duck Software, a global leader in automated
solutions for securing and managing open source software, today
announced a collaboration to establish a secure and trusted model for
containerized application delivery by providing verification that
application containers are free from known vulnerabilities and include
only certified content. This validation is a major step forward in
enabling enterprise-ready application containers, and builds upon the
strengths of each company - Red Hat's leadership in container
technologies and solutions, including its platform and certification
strategy, and Black Duck's unique position as the provider of the most
comprehensive identification and earliest notification technologies of
open source vulnerabilities.
Because containers enable consistent operating environments for
development, testing, and deployment, they are quickly becoming a
mainstream technology. Container security, however - including
provenance, certification, policy and trust - has emerged as a challenge
for enterprise adoption. A recent survey
of global IT professionals commissioned by Red Hat through TechValidate
showed that more than 60 percent of respondents identified container
security, certification, and image provenance as key issues.
Underscoring these concerns is the fact that more than 30 percent of
official images in the Docker Hub contain high priority security
vulnerabilities, according to a May
2015 study by BanyanOps. Thus, enterprise-level Deep
Container Inspection (DCI), combined with certification, policy and
trust, will be integral to the development, deployment, and management
of containers - which is exactly what the collaboration between Black
Duck and Red Hat is aimed at providing.
As an initial part of the collaboration, the companies plan to integrate
Black Duck's container scanning and open source security
vulnerability-mapping software - Black Duck Hub - with OpenShift, Red
Hat's Platform-as-a-Service (PaaS) offering, providing reports and data
on potential vulnerabilities present in container images made available
in the OpenShift registry, a Red Hat-backed repository of validated,
secure and trusted container images. Black Duck's KnowledgeBase provides
the backbone for the Hub, and includes information on 1.1 million open
source projects, with detailed data on more than 100,000 known open
source vulnerabilities across more than 350 billion lines of code.
Black Duck Hub identifies and inventories the open source code in an
application, maps any known open source security vulnerabilities and
dynamically monitors the inventory, providing alerts on any new
vulnerabilities affecting the code.
OpenShift is the first enterprise-ready, web-scale container application
platform based on Docker-formatted Linux containers, Kubernetes
orchestration, and Red Hat Enterprise Linux. When used with the Black
Duck Hub, OpenShift customers can consume, develop and run containerized
applications with increased confidence and security, knowing that these
applications contain code that has been validated/certified.
In addition, the companies plan to include Black Duck technologies as a
set of complementary services within Red Hat's current container
certification workflow for application builders such as Independent
Software Vendors (ISVs). Red Hat previously announced an end-to-end certified
container ecosystem strategy focused on enterprise readiness and
support, similar to the work the company achieved with Linux in the
enterprise. Black Duck's scanning and vulnerability-mapping technology,
reporting and KnowledgeBase integration will add to an already robust
container certification process.
Supporting Quotes
Lou Shipley, CEO, Black Duck
"Container technology is another breakthrough in the constant drive to
increase development agility and get products to market more quickly.
Speed and agility are key drivers for container adoption in the
enterprise, but not at the expense of security. The Black Duck-Red Hat
collaboration is rooted in the collective value that we deliver from an
open source perspective, by helping to make containers safe for
enterprise use."
Lars Herrmann, General Manager, Integrated Solutions, Red Hat
"A significant part of an enterprise-ready container strategy is the
ability to trust the code across the entire lifecycle of a containerized
application, from development to management. Red Hat and Black Duck are
extending the value of Red Hat's platform and certification process to
the broader developer community and our customers in addition to our
robust partner ecosystem. This collaboration demonstrates Red Hat's
continued commitment to delivering not only Linux container-based
innovation, but also the tools and ecosystem to help enterprises adopt
containerized applications that are secure, certified and supported."
About Red Hat, Inc.
Red Hat is the world's leading provider of open source software
solutions, using a community-powered approach to reliable and
high-performing cloud, Linux, middleware, storage and virtualization
technologies. Red Hat also offers award-winning support, training, and
consulting services. As a connective hub in a global network of
enterprises, partners, and open source communities, Red Hat helps create
relevant, innovative technologies that liberate resources for growth and
prepare customers for the future of IT. Learn more at http://www.redhat.com.
About Black Duck Software
Organizations worldwide use Black Duck Software's industry-leading
products to secure and manage open source software, eliminating the pain
related to security vulnerabilities, compliance and operational risk.
Black Duck is headquartered in Burlington, MA, and has offices in
Mountain View, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and
Beijing. For more information, visit www.blackducksoftware.com.
Red Hat's Forward-Looking Statements
Certain statements contained in this press release may constitute
"forward-looking statements" within the meaning of the Private
Securities Litigation Reform Act of 1995. Forward-looking statements
provide current expectations of future events based on certain
assumptions and include any statement that does not directly relate to
any historical or current fact. Actual results may differ materially
from those indicated by such forward-looking statements as a result of
various important factors, including: risks related to the ability of
Red Hat to compete effectively; the ability to deliver and stimulate
demand for new products and technological innovations on a timely basis;
delays or reductions in information technology spending; the effects of
industry consolidation; the integration of acquisitions and the ability
to market successfully acquired technologies and products; uncertainty
and adverse results in litigation and related settlements; the inability
to adequately protect Red Hat intellectual property and the potential
for infringement or breach of license claims of or relating to third
party intellectual property; risks related to data and information
security vulnerabilities; ineffective management of, and control over,
Red Hat's growth and international operations; fluctuations in exchange
rates; and changes in and a dependence on key personnel, as well as
other factors contained in Red Hat's most recent Quarterly Report on
Form 10-Q (copies of which may be accessed through the Securities and
Exchange Commission's website at http://www.sec.gov),
including those found therein under the captions "Risk Factors" and
"Management's Discussion and Analysis of Financial Condition and Results
of Operations." In addition to these factors, actual future performance,
outcomes, and results may differ materially because of more general
factors including (without limitation) general industry and market
conditions and growth rates, economic and political conditions,
governmental and public policy changes and the impact of natural
disasters such as earthquakes and floods. The forward-looking statements
included in this press release represent Red Hat's views as of the date
of this press release and these views could change. However, while Red
Hat may elect to update these forward-looking statements at some point
in the future, Red Hat specifically disclaims any obligation to do so.
These forward-looking statements should not be relied upon as
representing Red Hat's views as of any date subsequent to the date of
this press release.
Red Hat, Red Hat Enterprise Linux, OpenShift and the Shadowman logo
are trademarks of Red Hat, Inc., registered in the U.S. and other
countries. Linux® is the registered trademark of Linus Torvalds
in the U.S. and other countries.

View source version on businesswire.com: http://www.businesswire.com/news/home/20151020005916/en/
Red Hat, Inc.
John Terrill, +1-571-421-8132
jterrill@redhat.com
or
Black Duck Software
Brian Carter, 508-277-7570
bcarter@blackducksoftware.com
Source: Red Hat, Inc. and Black Duck
News Provided by Acquire Media