Black Duck™ Export
Governments around the world regulate the commercial export and transfer of software containing encryption algorithms. To remain in compliance, you need to be aware of all of the cryptographic content of your software and comply with applicable regulations. Finding encryption in large code bases has traditionally been time consuming and error-prone, until now!
Black Duck™ Export is the world’s first and only solution specifically for encryption export compliance management for software and software-based assets. Companies worldwide depend on Export to analyze source code and identify cryptographic and encryption elements within their code. Without Black Duck Export, finding encryption algorithms in a large software code base is error-prone, labor intensive, expensive and diverts precious resources away from software development.
By using Export to find, identify and resolve encryption issues in your software, you can automate many aspects of encryption compliance procedures. In the United States, rules governing exports and re-exports of software containing encryption items are administered by the Bureau of Industry and Security (BIS) or are found in the Export Administration Regulations (EAR), 15 C.F.R. Parts 730-774. Other governments around the world have similar regulations that control the “type” of encryption allowed to be exported and “to whom.”
Who needs to use Black Duck Export?
Encryption is everywhere – even where you might not expect it. Software with encryption is built into many if not most applications on your cell phone/PDA, pager, headset, laptop, desktop, server, alarm system, anything that communicates electronically. Encryption is essential to secure data from thieves and prying eyes, thus it is essential for online commerce.
Any company or organization that exports software that contains encryption is responsible for complying with government regulations. This includes cases in which the encryption is part of a 3rd party software component, like open source code. It also includes encryption that is unused, but included in binary images. Furthermore, many development organizations are surprised to learn that they must comply with export regulation even when transferring software to foreign design groups within their own organization.
In order to comply with the numerous export regulations put in place by governments around the world, your first step is always to “Know Your Code.” Simply put, that means knowing precisely which encryption method is employed and how it is implemented within your code base. Black Duck Export is an essential part of a robust encryption export compliance program.
How does Black Duck Export work?
Black Duck Export is an automated approach to analyzing your code and identifying encryption. Export relies on the Black Duck KnowledgeBase – the industry’s most complete and accurate collection of encryption algorithms and cryptographic components. Export's built-in analysis engine compares your source code and binary files to the KnowledgeBase to identify and catalog cryptographic elements and code components. The KnowledgeBase is updated with new additions from Black Duck on a regular basis in order to keep your analysis results current.
How can Black Duck Export help your company?
With Export, you can implement robust policies in support of your software export strategies. Export supports your development process by identifying encryption software within your products and helping keep an accurate work record for audit support.
The end-result is that Export delivers accurate, thorough and efficient export compliance performance, reducing business risks, lowering your costs and ensuring timely international software/product distribution.
Key Black Duck Export features
- Fast, accurate code analysis allows your organization to quickly, accurately and thoroughly analyze source code and binary files for the presence of encryption elements
- Access to a KnowledgeBase containing hundreds of algorithms for code comparison with regular electronic updates. Find out more
- Enterprise platform that maintains an online export compliance repository and audit trail to answer any encryption-related questions that arise in the future
- Automated support for your rigorous export policies and robust compliance program
How can you find out more information?
To find out more information about export compliance and Black Duck Export, Black Duck offers the following resources:
Encryption Export Compliance Management - Black Duck™ Export 
