BURLINGTON, Mass., March 6, 2025 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck"), a leading provider of application security solutions, today announced that STMicroelectronics (NYSE:STM), a global semiconductor leader serving customers across the spectrum of electronics applications, has successfully implemented Black Duck Software Composition Analysis (SCA) to streamline software bill of materials (SBOM) generation and strengthen its software security practices. STMicroelectronics has also adopted Coverity Static Analysis to proactively identify and remediate security vulnerabilities in software components, further strengthening the security posture of embedded software in its microcontroller products.

STMicroelectronics has leveraged Black Duck SCA to automate end-to-end SBOM generation, reinforcing software security for its latest ultra-low power product, the STM32U3 microcontroller.

With the enactment of the European Cyber Resilience Act (CRA), organizations are increasingly required to produce SBOMs and disclose vulnerabilities to improve software transparency and security. Black Duck offers a comprehensive portfolio of application security solutions, including Black Duck SCA for open source risk management and Coverity Static Analysis for finding code quality defects, helping companies address evolving regulatory requirements and integrate security into their DevSecOps workflows.

"Software-secure development lifecycle has always been a top priority for ST. Thanks to collaboration with a market leader such as Black Duck, we are reinforcing and optimizing our capacity to automatically generate SBOMs in a standardized, machine-readable format," said Jacques Fournier, Director, Security Platform at STMicroelectronics. "Integrating new capabilities into our software development toolbox enables us to create seamlessly comprehensive SBOMs, while by supporting monitoring processes, we can streamline our support to our customers for secure-by-design solutions and comply with new regulations like the EU Cyber Resilience Act."

Black Duck is a seven-time Leader in the Gartner® Magic Quadrant™ for Application Security Testing, a four-time Leader in the Forrester Wave™ for Software Composition Analysis, and a three-time Leader in the Forrester Wave™ for Static Application Security Testing. 

"STMicroelectronics sets an excellent example for how to integrate Black Duck SCA and Coverity seamlessly into their process for CRA compliance," said Jason Schmitt, CEO of Black Duck. "This use case not only automates SBOM generation but also significantly enhances their ability to produce secure, compliant, high-quality products. At Black Duck, we are committed to helping organizations like STMicroelectronics build trust in their software by managing application risks at the speed their business demands."

As a trusted leader in application security testing, Black Duck enables companies to manage open-source risks, detect security vulnerabilities in proprietary code, and align with regulatory expectations such as those outlined in the CRA. With this collaboration, STMicroelectronics is further enhancing its cybersecurity strategy in the microcontroller industry. 

Learn more about the Black Duck portfolio.

To learn more about how STMicroelectronics is using Black Duck solutions to secure the new STM32U3 microcontroller and their other products, visit them in Hall 4A, #148 at embedded world 2025 from 11-13 March.

About Black Duck 
Black Duck®, formerly known as the Synopsys Software Integrity Group, offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. Learn more at www.blackduck.com. 

 

SOURCE Black Duck Software

Copyright 2025 PR Newswire
