Black Duck helps security and development teams identify security risks across their applications.

By mapping vulnerabilities to your open source software, Black Duck can provide you with a high-level overview of the security risk of your projects, along with detailed information on security vulnerabilities that you can use to investigate and remediate them.

Vulnerabilities are linked to open source components by Common Vulnerabilities and Exposures (CVE) numbers, as reported in the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST), and/or by BDSA numbers if you have licensed Black Duck Security Advisories. Note that Black Duck displays the numbers together in reports and in the UI because they represent the same vulnerability from different sources. NVD and BDSA use the Common Vulnerability Scoring System (CVSS), which provides a numerical score reflecting the severity of a vulnerability.

If necessary, users with the system administrator role can define the default security ranking. Note that the security ranking also defines how vulnerabilities appear in reports. Depending on the data available, the vulnerability will be presented as either BDSA (NVD) or NVD (BDSA).

For example, if the security ranking is NVD2, BDSA2, BDSA3, NVD3 then:

- Vulnerability A has data for just NVD3. The vulnerability is listed as NVD-1234-5678 in the report.
- Vulnerability B has data for NVD3 and BDSA3.
- Vulnerability C has data for everything.

Create policies that trigger violations when components do not comply with your security policies.

Use the Summary Dashboard to view the overall health of your projects and identify areas of concern. Use this page to quickly assess areas where you need to focus your attention.

Use these Dashboard pages for a high-level overview of risk: