Black Duck Software Inc. on Monday rolled out an on-demand service that allows developers and due diligence teams to examine software projects for open source code in order to make sure their licensing obligations are being met.
Called protexIP/OnDemand, the Internet-based service helps developers more quickly deal with compliance requirements related to intellectual property, which typically stem from things such as customer procurement, outsourced project validations, and internal compliance programs.
“Increasingly, businesses are being required to provide evidence that they are managing the origins of their software intellectual property. Consequently, development teams are being called on for in-depth compliance validations in support of specific business transactions,” said Doug Levin, Black Duck’s CEO.
“We think this sort of on-demand solution can deliver more in-depth information to these compliance teams,” he said.
The company has had approximately a dozen beta testers of the product over the past few months, including Kayak.com, which is in the business of providing objective travel information through its simultaneous search of almost 100 travel sites. The company also offers individualized results for a user’s specific trip.
Given the increasing proliferation of open source software among companies both large and small, some analysts believe Black Duck’s new service is well timed.
“Open source software has gained a strong foothold in the lower levels of the software stack and is likely to have a greater impact higher up in the software stack in the future. Organizations would be wise to gain a better understanding of open source license and intellectual property to comply with various licensing obligations,” said Dan Kusnetzky, program vice president at IDC’s System Software, Enterprise Computing Group.
Typically, developers are asked to manually analyze code line by line to validate its origins, with management and legal counsel often working in concert with them to evaluate those results and assure compliance. The process can often be time consuming and expensive.
An online service such as protexIP/On Demand, however, serves to automate that review process, thereby producing more accurate results, company officials contend. The product uses Black Duck’s Code Print technology and open source Knowledgebase to identify thousands of open source programs that might have been inserted into the source code.
After it identifies the code, the service can identify the license associated with the inserted code by polling its database of hundreds of different license types. In the process, it also highlights possible conflicts between that license and other relevant license restrictions. From these results the service then generates a “punch list” of issues for review by legal counsel, company officials explained.
To ensure security, the new service leaves the users’ source code behind their company’s firewall during the analysis. Services can be purchased using a credit card or purchase order.
Pricing starts at US$3,000 for the analysis of up to 10 megabytes of user source code, with users having access to the service for as long as 90 days. Analyzing up to 100 megabytes of code maxes out at $25,000.