Software security company Black Duck is ramping up efforts to help organizations comply with the European Cyber Resilience Act (CRA), building on a 20-year partnership with British chip design giant Arm. The collaboration focuses on securing software running on Arm64-based systems, now widely used in hyperscaler and enterprise environments.
Since 2005, Black Duck has played a behind-the-scenes role in securing the software infrastructure used by Arm and its customers. Today, that relationship takes on new relevance amid heightened cybersecurity demands and tighter European regulations.
As adoption of 64-bit Arm processors accelerates, especially in large-scale data centers, Black Duck has extended support for Arm architectures across its two core offerings: Coverity® for static code analysis and Black Duck® SCA (Software Composition Analysis) for open source risk management. These tools help developers find and fix vulnerabilities early in the development cycle, a key requirement under the EU’s CRA.
One hyperscaler using Black Duck SCA on Arm-based CPUs has reported a 19% drop in operational costs, underscoring the benefits of security solutions tailored for modern hardware.
“Robust product security remains a top priority as more AI-driven workloads grow in complexity and scale,” said Lyndon Fawcett, director of product security at Arm. “With security deeply embedded into our development life cycle, partnerships like the one we’ve built with Black Duck over 20 years are vital for strengthening the software security of the Arm ecosystem and helping customers stay ahead of evolving compliance demands like the ones outlined in the EU Cyber Resilience Act.”
The CRA is expected to usher in sweeping changes for software makers selling into Europe, including the mandatory use of Software Bills of Materials (SBOMs) and new responsibilities regarding vulnerability management. Black Duck, a frequent leader in analyst rankings from Gartner and Forrester, says its solutions are designed to help organisations embed security into DevSecOps practices and stay ahead of regulatory deadlines.
“As a long-standing partner to Arm through our static analysis and software composition analysis support, Black Duck remains committed to providing True Scale Application Security to the Arm ecosystem,” said Jason Schmitt, CEO of Black Duck.





