STMicroelectronics Integrates Black Duck SCA and Coverity for Automated SBOM Generation and Enhanced Software Security

STMicroelectronics (NYSE:STM) has implemented Black Duck Software Composition Analysis (SCA) and Coverity Static Analysis to enhance software security and automate SBOM generation for its products, particularly the STM32U3 microcontroller.

The integration aims to comply with the European Cyber Resilience Act (CRA), which requires organizations to produce SBOMs and disclose vulnerabilities. The implementation enables STMicroelectronics to generate standardized, machine-readable SBOMs while strengthening its software security practices.

Black Duck, a seven-time Leader in Gartner Magic Quadrant for Application Security Testing, will help STMicroelectronics manage open-source risks and detect security vulnerabilities in proprietary code. The collaboration will be showcased at embedded world 2025 from March 11-13.

Positive

  • Enhanced software security capabilities for STM products
  • Automated SBOM generation system implementation
  • Compliance with new European Cyber Resilience Act requirements
  • Partnership with industry leader Black Duck strengthens security offerings

Negative

  • None.

News Market Reaction

+1.29% News Effect

On the day this news was published, STM gained 1.29%, reflecting a mild positive market reaction.

Data tracked by StockTitan Argus on the day of publication.

BURLINGTON, Mass., March 6, 2025 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck"), a leading provider of application security solutions, today announced that STMicroelectronics (NYSE:STM), a global semiconductor leader serving customers across the spectrum of electronics applications, has successfully implemented Black Duck Software Composition Analysis (SCA) to streamline software bill of materials (SBOM) generation and strengthen its software security practices. STMicroelectronics has also adopted Coverity Static Analysis to proactively identify and remediate security vulnerabilities in software components, further strengthening the security posture of embedded software in its microcontroller products.

STMicroelectronics has leveraged Black Duck SCA to automate end-to-end SBOM generation, reinforcing software security for its latest ultra-low power product, the STM32U3 microcontroller.

With the enactment of the European Cyber Resilience Act (CRA), organizations are increasingly required to produce SBOMs and disclose vulnerabilities to improve software transparency and security. Black Duck offers a comprehensive portfolio of application security solutions, including Black Duck SCA for open source risk management and Coverity Static Analysis for finding code quality defects, helping companies address evolving regulatory requirements, and integrating security into their DevSecOps workflows.

"Software-secure development lifecycle has always been a top priority for ST. Thanks to collaboration with a market leader such as Black Duck, we are reinforcing and optimizing our capacity to automatically generate SBOMs in a standardized, machine-readable format," said Jacques Fournier, Director, Security Platform at STMicroelectronics. "Integrating new capabilities into our software development toolbox enables us to create seamlessly comprehensive SBOMs, while by supporting monitoring processes, we can streamline our support to our customers for secure-by-design solutions and comply with new regulations like the EU Cyber Resilience Act."

Black Duck is a seven-time Leader in the Gartner® Magic Quadrant™ for Application Security Testing, a four-time Leader in the Forrester Wave™ for Software Composition Analysis, and a three-time Leader in the Forrester Wave™ for Static Application Security Testing. 

"STMicroelectronics sets an excellent example for how to integrate Black Duck SCA and Coverity seamlessly into their process for CRA compliance," said Jason Schmitt, CEO of Black Duck. "This use case not only automates SBOM generation but also significantly enhances their ability to produce secure, compliant, high-quality products. At Black Duck, we are committed to helping organizations like STMicroelectronics build trust in their software by managing application risks at the speed their business demands."

As a trusted leader in application security testing, Black Duck enables companies to manage open-source risks, detect security vulnerabilities in proprietary code, and align with regulatory expectations such as those outlined in the CRA. With this collaboration, STMicroelectronics is further enhancing its cybersecurity strategy in the microcontroller industry. 

Learn more about the Black Duck portfolio.

To learn more about how STMicroelectronics is using Black Duck solutions to secure the new STM32U3 microcontroller and their other products, visit them in Hall 4A, #148 at embedded world 2025 from 11-13 March.

About Black Duck 
Black Duck®, formerly known as the Synopsys Software Integrity Group, offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. Learn more at www.blackduck.com. 

 

View original content to download multimedia: https://www.prnewswire.com/news-releases/stmicroelectronics-integrates-black-duck-sca-and-coverity-for-automated-sbom-generation-and-enhanced-software-security-302392021.html

SOURCE Black Duck Software

FAQ

What security solutions has STMicroelectronics (STM) implemented for SBOM generation?

STM has implemented Black Duck Software Composition Analysis (SCA) and Coverity Static Analysis for automated SBOM generation and enhanced security vulnerability detection.

How does the Black Duck integration benefit STM's STM32U3 microcontroller?

The integration enables automated SBOM generation and enhanced software security for the STM32U3 microcontroller, ensuring compliance with the European Cyber Resilience Act.

When will STM showcase its Black Duck security integration at embedded world 2025?

STM will showcase the integration at embedded world 2025 from March 11-13 in Hall 4A, booth #148.

How does STM's Black Duck implementation address regulatory compliance?

The implementation helps STM comply with the European Cyber Resilience Act by automating SBOM generation and enabling vulnerability disclosure in a standardized format.