Black Duck Binary Analysis: How to create a Vendor Vulnerability

Black Duck Binary Analysis offers the ability to add vulnerabilities to either your own proprietary components or existing OSS components by using CPE. This feature is especially useful when your organization has either proprietary components you are using in your code base and you wish to keep track of the vulnerabilities in them, or when you have detected vulnerabilities from open source components that are specific to your usage. 

You can add multiple different vulnerabilities to the database, and give unique vulnerability IDs for each vulnerability. You can also determine a CVSSv2/v3 equivalent score to your own vulnerability.

Environment:

Black Duck Binary Analysis 2023.09 or newer

Users: Power user, User, Basic user

Hosted or Appliance

Keywords: Learning, elearning, e-learning, course, ecourse, e-course, training, e-training, self-paced, Vendor, Vulnerability, CPE, Common Platform Enumeration, Custom, CVSS