UltraViolet Cyber has acquired
Black Duck’s Application Security Testing (AST) services business, a move that broadens its security portfolio and strengthens its ability to serve enterprises and government agencies facing increasingly complex software risks.
Application security has become a critical challenge as organizations scale digital operations, adopt AI-generated code, and rely heavily on open-source components. Flaws introduced early in the development lifecycle often lead to costly remediation later. By bringing Black Duck’s AST services into its unified offensive and defensive operations model, UltraViolet is aiming to help clients identify and mitigate risks before code hits production.
Shifting the Competitive Landscape
With the integration of Black Duck’s AST business, UltraViolet (UV) Cyber is redefining its position in the market.
Ira Goldstein, CEO of UltraViolet Cyber told ChannelE2E, "UltraViolet Cyber becomes even more differentiated relative to other AppSec testing providers, due to its breadth of capabilities. AppSec Testing is all about working with developers and the business to build more resilient software. UV defends these environments as part of our defensive security services, ranging from Security Operations to Security Engineering and beyond. No other AppSec testing company, nor a standalone MSSP, has the breadth and depth of capabilities that UV now brings to its customers.”
This breadth matters because the integration doesn’t just expand UltraViolet’s testing capacity - it reinforces its unified model, bridging the gap between development and defense.
Filling Market Gaps
The acquisition also addresses frustrations that many organizations have with traditional service providers. Goldstein noted, “The biggest frustration that companies have with MSSPs is their lack of continuous validation. Similarly, there is frustration in the market when traditional pen testing firms repeatedly charge to test the same vulnerabilities, without improving the resilience of the infrastructure or applications they are testing. This acquisition addresses both gaps, enabling our SOC customers to benefit from more continuous validation of detections and defenses, and enabling our AST customers to benefit from remediation capabilities earlier in the SDLC.”
That integration translates to earlier detection of vulnerabilities, lower remediation costs, and stronger application resilience across both commercial and federal environments. For organizations experimenting with AI-generated code or building on open-source stacks, the timing of these capabilities is especially critical.
Reinforcing UltraViolet’s Role in Managed Security
The deal also strengthens UltraViolet’s identity as a provider that blends managed services with offensive capabilities.
As Goldstein put it, “UV is the pioneer of blending managed services and offensive security, and this acquisition supports our leadership in the space. Some MSSPs try to bolt-on pen testing services or continuous validation software, but no other provider offers the comprehensive suite of offensive and defensive security services as at UV. Our mantra to continuously assess and consistently defend resonates with our customer and the market, and we will continue to invest to support this strategy.”
The combination of continuous validation, remediation support, and integrated offensive and defensive services positions UltraViolet as a partner capable of meeting the evolving expectations of security leaders who need more than a transactional engagement.
UltraViolet’s latest investment reinforces its push to unify security operations and scale capabilities for both commercial and public sector organizations. By bringing Black Duck’s expertise into its offensive portfolio, UltraViolet is doubling down on its strategy to help clients mitigate software risks before they become production issues - while strengthening its role as a leader in AI-driven application security.
