Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push

IT Security Guru, Apr 9, 2026

Key Takeaways

  • Black Duck hires Dom Glavach as new CISO.
  • Glavach brings 20+ years in defense, SaaS, and FedRAMP compliance.
  • Appointment targets rising supply chain and AI-driven software threats.
  • He will oversee global security, GRC, and product protection.
  • Signals board-level priority for application security across the industry.

Pulse Analysis

The software supply chain has become a preferred vector for attackers, from the 2020 SolarWinds breach to recent compromises of AI‑enabled development tools. Open‑source components, container images and automated build pipelines are attractive because a single vulnerable library can affect thousands of downstream applications. At the same time, generative AI is being used to write code, creating new attack surfaces where malicious prompts can inject hidden backdoors. Organizations are therefore scrambling to embed security earlier in the development lifecycle, a shift that demands dedicated leadership and robust governance.

Black Duck, a Synopsys subsidiary, has built its reputation on providing visibility into open‑source risk and licensing compliance. The appointment of Dom Glavach, whose résumé includes FedRAMP‑level compliance work for a top‑100 Department of Defense contractor, gives the firm a rare blend of government‑grade rigor and SaaS‑scale operational experience. His track record of securing remote workforces and responding to nation‑state threats positions Black Duck to enhance its product‑security roadmap, offering customers more automated vulnerability detection, secure code signing, and AI‑aware threat modeling.

From a market perspective, the move underscores a broader trend: CISO roles are migrating from back‑office functions to boardroom agenda items. Investors and regulators are increasingly demanding proof of supply‑chain resilience, especially as AI accelerates development cycles. With Glavach at the helm, Black Duck is likely to expand its advisory services and integrate compliance frameworks such as CMMC and NIST 800‑171 into its platform, setting a new benchmark for how application security vendors address the convergence of open source, AI and enterprise risk.
