Black Duck
A Black Duck Case Study
ZPE Systems, a leader in critical‑infrastructure automation trusted by major tech companies, faced the challenge of securing a complex software supply chain spanning proprietary, open‑source, and third‑party components. With patches often taking more than 205 days to apply and limited visibility into third‑party code, ZPE needed a way to enforce SDLC best practices and reduce the attack surface on devices used in data centers and edge environments.
ZPE implemented a layered Black Duck AST program—Coverity static analysis, Black Duck SCA and Binary Analysis, and Continuous Dynamic testing—integrated into CI/CD pipelines to find issues early, generate SBOMs, and scan binaries without source code access. The approach improved vulnerability prioritization and remediation, produced a notable reduction in CVEs, and strengthened ZPE’s security posture and trust with enterprise customers.
Koroush Saraf
Vice President of Product Management