STMicroelectronics Integrates Black Duck SCA and Coverity for Automated SBOM Generation and Enhanced Software Security
STMicroelectronics (NYSE:STM) has implemented Black Duck Software Composition Analysis (SCA) and Coverity Static Analysis to enhance software security and automate SBOM generation for its products, particularly the STM32U3 microcontroller.
The integration is intended to meet the European Cyber Resilience Act (CRA) requirements that manufacturers of products with digital elements produce SBOMs and disclose vulnerabilities. It enables STMicroelectronics to generate standardized, machine-readable SBOMs while strengthening its software security practices.
Black Duck, a seven-time Leader in Gartner Magic Quadrant for Application Security Testing, will help STMicroelectronics manage open-source risks and detect security vulnerabilities in proprietary code. The collaboration will be showcased at embedded world 2025 from March 11-13.
- Enhanced software security capabilities for STM products
- Automated SBOM generation system implementation
- Compliance with new European Cyber Resilience Act requirements
- Partnership with industry leader Black Duck strengthens security offerings
Insights
STMicroelectronics' integration of Black Duck SCA and Coverity represents a strategic investment in cybersecurity infrastructure that positions the company favorably in the evolving regulatory landscape. The implementation addresses compliance requirements under the European Cyber Resilience Act (CRA), which is increasingly critical for semiconductor companies selling into European markets.
This partnership has three key implications for STM investors: First, it reduces regulatory compliance risk as governments worldwide implement stricter cybersecurity requirements for electronic components. Second, it enhances STM's competitive position in the microcontroller market by enabling the company to offer customers verifiable security credentials – particularly important for applications in automotive, industrial automation, and IoT where security breaches carry significant liability. Third, it potentially reduces long-term development costs by automating previously manual security processes.
While the immediate financial impact isn't quantified, this move aligns with broader industry trends toward secure-by-design principles and should strengthen STM's market position in high-value microcontroller segments where security premiums can be charged. The partnership with a recognized security leader (seven-time Gartner Magic Quadrant Leader) also validates STM's approach to software security, which increasingly differentiates semiconductor providers as software becomes more central to their value proposition.
STM's implementation of Black Duck SCA and Coverity reflects an advanced security-first approach that stands out in the embedded systems market. The automatic generation of Software Bills of Materials (SBOMs) addresses a critical gap in supply chain transparency that has historically plagued the semiconductor industry.
The technical significance extends beyond compliance. By applying these tools to the STM32U3 ultra-low power microcontroller platform, STM brings supply-chain transparency to firmware that ships on resource-constrained devices, where field patching is costly and products may remain deployed for a decade or more. An SBOM produced at build time gives a stable inventory that can be matched against vulnerability data published long after release.
The focus on standardized, machine-readable SBOM formats is what makes this scale: the same document can be consumed by STM's own monitoring processes and by customers' tooling without manual transcription, which simplifies customers' security assessments. This foundation positions STM to better support customers in highly regulated industries such as medical devices and critical infrastructure, where component-level security verification is increasingly mandated.
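To make the monitoring use case concrete, here is an added example (not code from STMicroelectronics or Black Duck) of what a consumer of a machine-readable SBOM does with it: parse a CycloneDX JSON document, key each component by its package URL (purl), and check it against an advisory feed using introduced/fixed version ranges. The SBOM contents, component names and advisory identifiers (`EXAMPLE-ADV-*`) are constructed for illustration and are not real packages or CVEs; the purl type `pkg:generic` is used so no real ecosystem is implied.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX 1.5-style SBOM for a hypothetical firmware image.
# Component names and versions are illustrative only, not ST's published SBOM.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "firmware", "name": "example-fw", "version": "1.0.0"}},
    "components": [
        {"type": "library", "name": "tls-lib", "version": "2.28.3",
         "purl": "pkg:generic/tls-lib@2.28.3"},
        {"type": "library", "name": "tcpip-stack", "version": "2.1.3",
         "purl": "pkg:generic/tcpip-stack@2.1.3"},
        {"type": "library", "name": "rtos-kernel", "version": "10.5.1",
         "purl": "pkg:generic/rtos-kernel@10.5.1"},
        # A component with no purl: common for in-house code; it cannot be matched.
        {"type": "library", "name": "vendor-hal", "version": "1.2.0"},
    ],
})

# Constructed advisory feed with hypothetical identifiers (not real CVEs).
# Each entry names the affected purl (without version), the first affected
# version and the first fixed version, in the style of OSV-type range data.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "purl": "pkg:generic/tls-lib",
     "introduced": "2.0.0", "fixed": "2.28.8"},
    {"id": "EXAMPLE-ADV-0002", "purl": "pkg:generic/tcpip-stack",
     "introduced": "2.0.0", "fixed": "2.1.3"},      # already fixed in the shipped version
    {"id": "EXAMPLE-ADV-0003", "purl": "pkg:generic/rtos-kernel",
     "introduced": "10.6.0", "fixed": "10.6.2"},    # introduced after the shipped version
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version -> tuple for ordering; non-numeric parts become 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def split_purl(purl: str) -> Tuple[str, str]:
    """Return (purl without version, version); qualifiers and subpath are dropped."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" in base:
        name, version = base.rsplit("@", 1)
        return name, version
    return base, ""


def load_components(sbom_json: str) -> List[Dict[str, Optional[str]]]:
    """Flatten the SBOM's component list into (name, version, purl_base) records."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    out: List[Dict[str, Optional[str]]] = []
    for c in sbom.get("components", []):
        purl = c.get("purl")
        if not purl:
            # No stable key to match against a feed: surface the gap, don't hide it.
            out.append({"name": c.get("name", "?"), "version": c.get("version", ""), "purl_base": None})
            continue
        base, ver = split_purl(purl)
        out.append({"name": c.get("name", base), "version": ver or c.get("version", ""), "purl_base": base})
    return out


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed (half-open range, as OSV uses)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def match_advisories(sbom_json: str, advisories: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Cross the SBOM against the advisory feed; report matches and unmatchable components."""
    findings: List[str] = []
    unmatched: List[str] = []
    for comp in load_components(sbom_json):
        if comp["purl_base"] is None:
            unmatched.append(comp["name"])
            continue
        for adv in advisories:
            if adv["purl"] == comp["purl_base"] and is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append(f"{adv['id']}: {comp['name']} {comp['version']} (fixed in {adv['fixed']})")
    return {"findings": findings, "unmatched": unmatched}


if __name__ == "__main__":
    result = match_advisories(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for line in result["findings"]:
        print("AFFECTED", line)
    for name in result["unmatched"]:
        print("NO PURL ", name)
```

Two design points matter in practice. The half-open range check is why `tcpip-stack 2.1.3` is not flagged against an advisory fixed in 2.1.3, and why `rtos-kernel 10.5.1` is not flagged against one introduced in 10.6.0. And components without a purl are reported rather than silently skipped: a monitoring process that only reports matches would give false comfort about exactly the proprietary code a feed cannot see.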
This move represents a competitive advantage as embedded security transitions from a "nice-to-have" feature to a core requirement, especially as regulators worldwide follow Europe's lead in implementing similar requirements to the CRA. STM's early adoption puts them ahead of competitors who will inevitably need to implement similar capabilities.
STMicroelectronics has leveraged Black Duck SCA to automate end-to-end SBOM generation, reinforcing software security for its latest ultra-low power product, the STM32U3 microcontroller.
With the enactment of the European Cyber Resilience Act (CRA), organizations are increasingly required to produce SBOMs and disclose vulnerabilities to improve software transparency and security. Black Duck offers a portfolio of application security solutions, including Black Duck SCA for open source risk management and Coverity Static Analysis for finding security and code quality defects in proprietary code, helping companies address evolving regulatory requirements and integrate security into their DevSecOps workflows.
"A software-secure development lifecycle has always been a top priority for ST. Thanks to collaboration with a market leader such as Black Duck, we are reinforcing and optimizing our capacity to automatically generate SBOMs in a standardized, machine-readable format," said Jacques Fournier, Director, Security Platform at STMicroelectronics. "Integrating new capabilities into our software development toolbox enables us to create seamlessly comprehensive SBOMs, while, by supporting monitoring processes, we can streamline our support to our customers for secure-by-design solutions and comply with new regulations like the EU Cyber Resilience Act."
Black Duck is a seven-time Leader in the Gartner® Magic Quadrant™ for Application Security Testing, a four-time Leader in the Forrester Wave™ for Software Composition Analysis, and a three-time Leader in the Forrester Wave™ for Static Application Security Testing.
"STMicroelectronics sets an excellent example for how to integrate Black Duck SCA and Coverity seamlessly into their process for CRA compliance," said Jason Schmitt, CEO of Black Duck. "This use case not only automates SBOM generation but also significantly enhances their ability to produce secure, compliant, high-quality products. At Black Duck, we are committed to helping organizations like STMicroelectronics build trust in their software by managing application risks at the speed their business demands."
As a trusted leader in application security testing, Black Duck enables companies to manage open-source risks, detect security vulnerabilities in proprietary code, and align with regulatory expectations such as those outlined in the CRA. With this collaboration, STMicroelectronics is further enhancing its cybersecurity strategy in the microcontroller industry.
To learn more about how STMicroelectronics is using Black Duck solutions to secure the new STM32U3 microcontroller and their other products, visit them in Hall 4A, #148 at embedded world 2025 from 11-13 March.
About Black Duck
Black Duck®, formerly known as the Synopsys Software Integrity Group, offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. Learn more at www.blackduck.com.
View original content to download multimedia:https://www.prnewswire.com/news-releases/stmicroelectronics-integrates-black-duck-sca-and-coverity-for-automated-sbom-generation-and-enhanced-software-security-302392021.html
SOURCE Black Duck Software