Black Duck collaborates with Arm to help organizations secure Arm64-based systems and align with new European software regulations.
BURLINGTON, Mass., June 24, 2025 — Black Duck® Software, Inc. (“Black Duck”), a leading provider of application security solutions, celebrates 20 years of collaboration with British semiconductor and software design company Arm. The joint effort is aimed at helping secure products for a world with ever-changing security concerns and emerging regulations. Black Duck has been involved in securing the software that supports Arm’s own computing needs, and those of their customers, since 2005.
As a trusted leader in application security testing, Black Duck enables companies to manage open source risks, detect security vulnerabilities in proprietary code and align with regulatory expectations such as those outlined in the European Cyber Resilience Act (CRA). One hyperscaler customer of Black Duck has seen a significant 19% cost reduction by running Black Duck® SCA on Arm®-based CPUs. Through collaborations like this, Black Duck is helping organizations with key software composition analysis (SCA) tenets of the CRA requirements.
To support the widespread adoption of 64-bit Arm-based processors at hyperscalers and other large-scale deployments, Black Duck has extended its existing Coverity® Static Analysis and Black Duck SCA offerings to natively support Arm architecture through continuous software security testing.
Black Duck is a seven-time Leader in the Gartner® Magic Quadrant™ for Application Security Testing, a four-time Leader in the Forrester Wave™ for Software Composition Analysis and a three-time Leader in the Forrester Wave™ for Static Application Security Testing.
“As a long-standing partner to Arm through our static analysis and software composition analysis support, Black Duck remains committed to providing True Scale Application Security to the Arm ecosystem,” said Jason Schmitt, CEO of Black Duck.
With the enactment of the EU CRA, organizations are increasingly required to produce Software Bills of Materials to manage vulnerabilities and improve software transparency and security. Black Duck offers a comprehensive portfolio of application security solutions, including Black Duck SCA for open source risk management and Coverity for finding weaknesses in code, helping companies address evolving regulatory requirements and integrate security into their DevSecOps workflows.
“Robust product security remains a top priority as more AI-driven workloads grow in complexity and scale,” said Lyndon Fawcett, director of product security at Arm. “With security deeply embedded into our development life cycle, partnerships like the one we’ve built with Black Duck over 20 years are vital for strengthening the software security of the Arm ecosystem and helping customers stay ahead of evolving compliance demands like the ones outlined in the EU Cyber Resilience Act.”
About Black Duck
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at www.blackduck.com.




