Black Duck™ Export is the world’s first and only solution specifically for encryption and cryptography export compliance management for software and software-based assets. Companies worldwide depend on Export to analyze source code and identify crypto and encryption components within their code. Otherwise, this is often an error-prone and labor intensive task.
By using Export to find, identify and resolve encryption issues in your software, you can automate many aspects of Federal encryption compliance procedures with the U.S. Department of Commerce. In the United States, rules governing exports and re-exports of encryption items are administered by the Bureau of Industry and Security (BIS) or are found in the Export Administration Regulations (EAR), 15 C.F.R. Parts 730-774.
Who needs to use Black Duck Export?
Software encryption is considered a “dual-use commodity” by most countries, so all software companies and companies with software controlled products must include encryption rules in their software development policy. In order to comply with the numerous export regulations, your first step is always to “Know Your Code.” Simply put, that means know precisely which encryption method is employed and how it is implemented when it comes to cryptographic and encryption related code.
How does Black Duck Export work?
The core component of Export is the CryptoBase – the most comprehensive database of its kind available on the market today. Black Duck’s CryptoBase is the industry’s most complete and accurate library of encryption algorithms and cryptographic components. Export's built-in analysis engine compares your code against the CryptoBase to identify and catalog its crypto and encryption elements.
Export then calculates the ECCN (Export Control Classification Number) suggestion and determines the proper notification or license exception for filing with the BIS and National Security Agency (NSA). The CryptoBase is updated with new additions from Black Duck on a regular basis in order to keep your algorithms and regulations current.
How can Black Duck Export help your company?
With Export, you can implement rigorous and best practices in support of your software export strategies. Export supports your development process by identifying encryption software within your products and determining applicable export rules. It also streamlines all applicable government reporting, review and licensing requirements and keeps an accurate work record for audit support.
The end-result is that Export delivers accurate, thorough and efficient export compliance performance, reducing business risks, lowering your costs and ensuring timely international product shipments.
Key Black Duck Export features
- Simplifies legal compliance by instantly determining which U.S. Government export requirements apply to your software components
- Supports your creation of a rigorous export process and best practices
- Fast, accurate code analysis allows your organization to quickly, accurately and thoroughly analyze source code and binary files for the presence of cryptographic and encryption elements
- Cryptographic KnowledgeBase contains thousand of libraries for code comparison. Find out more
- Determines resolution on whether or not to export software without additional reporting or, given strength of the encryption, which reports, application or licenses are required
- Streamlines reporting by automatically preparing and submitting notifications and applications to the BIS and NSA
- Creates and maintains an online export compliance repository and audit trail to answer any encryption questions you may have in the future
How can you find out more information?
To find out more information about export compliance and Black Duck Export, Black Duck offers the following resources:
Encryption Export Compliance Management - Black Duck™ Export 
