UltraViolet Expands AppSec Capabilities With Black Duck’s Testing Business
Summary
UltraViolet Cyber has acquired the Application Security Testing (AST) services arm of Black Duck to broaden its unified security operations offering. The deal brings penetration testing, red teaming, threat modelling, cloud risk assessments and secure software development consulting into UltraViolet’s portfolio and will be integrated with the company’s UV Lens security-as-a-service platform. UltraViolet says the move aims to detect vulnerabilities earlier across multicloud workloads, DevSecOps pipelines and container environments while reducing remediation costs and breaking down operational silos between AppSec and wider security operations. Note: the acquisition covers only Black Duck’s testing business; the rest of Black Duck remains separate under a commercial partnership.
Key Points
- UltraViolet acquired Black Duck’s Application Security Testing services, not the whole company.
- New capabilities include penetration testing, red teaming, threat modelling, cloud risk assessments and secure development consulting.
- Integration with UV Lens aims to bring AppSec into a single security-as-a-service workflow and remove operational silos.
- Focus is on earlier detection across multicloud, DevSecOps pipelines and containerised deployments, which should reduce remediation cost and effort.
- Black Duck customers gain access to UltraViolet’s broader security services via a commercial partnership.
Why should I read this?
Short version: if you care about application security or managing software risk, this is worth a quick read. UltraViolet is bundling testing services into its UV Lens platform so teams can find problems sooner without juggling multiple vendors. We’ve read it so you don’t have to — quick take: better detection earlier, fewer silos, less admin pain.
Context and Relevance
Software risk management is increasingly central to enterprise security programmes. This acquisition reflects a broader trend of consolidating AppSec capabilities into unified security operations and security-as-a-service offerings. For security leaders, DevSecOps teams and CTOs this matters because earlier vulnerability discovery and tighter integration with cloud and pipeline tooling directly cut remediation time and cost. It also signals continued market consolidation among AppSec providers and a push to offer end-to-end testing and advisory through single suppliers.
