Next Steps
Now what? Your next steps depend on your role.
If you are analyzing a product from a vendor, there are several possibilities. If you are evaluating a product for purchase, the Black Duck Binary Analysis results give you an idea of your risk in acquiring and using the product. You can use this information to make an informed decision or to negotiate with your vendor. If you are analyzing a product that is already in use, you can delegate liability by notifying your vendor of the results and asking for an updated version of the product.
If you are using Black Duck Binary Analysis to scan software developed in your organization, then your next action is to update all vulnerable components to their latest versions, rebuild, and retest. The goal should be a clean analysis with no known vulnerabilities.
In either case, if your Black Duck Binary Analysis results are coming up clean, you should next locate and eradicate unknown vulnerabilities. The most effective way to locate unknown vulnerabilities is fuzz testing using Defensics.