Black Duck Analyzer Seeks to Protect IP
By David Rubinstein
January 15, 2003
As the practice of combing the Internet for prewritten code snippets grows among developers being asked to create applications faster and with fewer resources, enterprises face growing risks to their intellectual property.
"There are a number of risks which result, not the least of which is litigation," said Doug Levin, founder and CEO of start-up Black Duck Software Inc., which next week at LinuxWorld in New York is introducing itself and its Black Duck Enterprise Edition 1.0, a code validation tool that screens for potential IP problems. "Open-source development has changed everything. Those who don't see it either are asleep or in denial."
One of the biggest issues, Levin said, occurs when software created under the GPL and similar licenses is combined with proprietary software. All the resulting code, including proprietary portions, must be made available to the public. Levin, who was the former head of worldwide licensing at Microsoft Corp., said the Black Duck software can protect enterprises from licensing issues being introduced into outsourced development projects, as developers in outsourcing companies feel even freer about the use and borrowing of open-source software.
At the heart of the Black Duck solution is its knowledge base, which Levin explained contains extensive details about open-source licensing rules, which the company's Code Analyzer software calls upon during the review phase to verify that the code does not violate any licenses. Black Duck Enterprise Edition can be used with source-code management tools adhering to the CVS standards as well as with Eclipse tools, Levin said.
The knowledge base is updated with new open-source licenses to keep the data as current as possible, Levin said. There are some 45 open-source licenses authorized by the Open Source Initiative (www.opensource.org/licenses), and another 15 or so that are also in use, he claimed. In addition, Black Duck provides users with information regarding the potential results of combinations of applications, licenses and code, and with best practices for bringing open-source and proprietary code together, Levin said.
Companies can use the Black Duck policy module to impose their own rules on the use of open-source software, such as to generate a warning any time GPL code is brought into a project. "If a corporation has rules against using open-source code, we can detect that and certify the code is either open-source-free or includes open-source with the proper licenses in place," Levin said.
For ISVs, Black Duck includes a Project License Profile that describes all open-source licenses that are in use and all the restrictions, limitations and economics of the proposed package, Levin added.
Black Duck Enterprise Edition has yet to be priced by the company, which was started in December 2002 and is headquartered in Chestnut Hill, Mass.
