To: Board of Supervisors
From: Dr. Grant Colfax, Health Services Director
Report Title: Amendment #23-570-7 with Black Duck Software, Inc.
?Recommendation of the County Administrator ? Recommendation of Board Committee
RECOMMENDATIONS:
APPROVE and AUTHORIZE the Health Services Director, or designee, to execute on behalf of the County Contract Amendment/Extension #23-570-7 with Black Duck Software, Inc., a corporation, effective, August 2, 2025, to amend Contract #23-570 (as amended by County Contract Amendment #23-570-1 through 23-570-4, and 23-570-6), to increase the payment limit by $378,147, from $516,378 to a new payment limit of $894,525, and extend the termination date from August 2, 2025, to August 2, 2028, and for successive one (1) year terms thereafter until terminated, for software and services to identify and remediate network security vulnerabilities for the Health Services Information Systems Unit.
FISCAL IMPACT:
Approval of this Amendment will result in additional annual expenditures of up to $378,147 and will be funded as budgeted by the department in FY's 2025-28, by 100% Hospital Enterprise Fund I. (Rate increase)
BACKGROUND:
This Contract Amendment/Extension meets the needs of the County by providing third-party application security software as a service. Blackduck Sentinel is a Software-as-Service (SaaS) solution providing application security that assesses code and assists in identifying and remediating vulnerabilities before the code is pushed to production by incorporation of security across the entire software development lifecycle (SDLC) that helps proactively protect Contra Costa Health's (CCH) digital estate against cyber threats. CCH's Information Systems Unit utilizes applications hosted by third-party sites. This software analyzes and minimizes risk before and during the ongoing use of these systems.
CCH has been contracting with this vendor since November 2015 for its services concerning vulnerability scanning software. Healt...
Click here for full text