Case Study: MEGA International achieves holistic application security and fixes 40K defects with Black Duck (Coverity & SCA)

MEGA International Holistic Application Security with Coverity and Black Duck

MEGA International, a long-standing leader in enterprise architecture, relied on its HOPEX SaaS platform to serve major financial, services, and government customers and needed to ensure best-in-class security across more than 5 million lines of code. The company’s challenge was to validate code quality, track and secure an expanding web of third-party and transitive open‑source dependencies with a continuously updated Bill of Materials, and demonstrate secure data management to SOC 2 auditors.

MEGA implemented a holistic AppSec program with Coverity for static analysis and Black Duck SCA for software composition analysis and BOM creation. Coverity’s broad language coverage and focused alerting, combined with Black Duck’s rapid third‑party discovery, let MEGA integrate security and license checks into CI; since 2017 the team has fixed about 40,000 defect instances, identified over 1,700 external components across 70 license types, and improved dependency governance and code housekeeping.

MEGA International

Philippe Bobo

Head of Research and Development