Black Duck Software Inc. is making its protexIP/OnDemand software-compliance assessment service available free of charge through to the end of the year, according to a company executive. The service analyzes software projects to determine whether they contain any pieces of open-source code and ensures that the code meets licensing obligations.
The offer includes the support and training needed to use the hosted online service, according to Paul Henderson, vice-president of marketing at Black Duck. The move is a bid to net the startup more customers while also encouraging wider use of legally compliant open-source software, he said in a phone interview last month.
The company made the announcement at the O’Reilly European Open Source Convention in Amsterdam in October.
“There’s a lot of angst in companies of all sizes who’ve not been paying attention to open-source usage,” Henderson said. Firms are coming under increasing pressure to get a handle on whether their software contains any open-source components, and, if so, to ensure that any licensing and legal obligations are met, he added. This is also the case for companies required to carry out due diligence in relation to pending mergers and acquisitions with would-be purchasers looking to obtain “a clear picture of the pedigree of [a firm’s] software,” Henderson said.
ProtexIP/OnDemand can detect open-source fragments as small as 10 lines to 20 lines of code using the company’s digital Code Print technology and its open-source KnowledgeBase, according to Henderson. It can then identify the license associated with the open-source piece of code and highlight any potential conflicts between that license and any relevant license restrictions or business policies.
The service can handle individual software projects up to 25MB in size, equivalent to around one million lines of code, he said. There is no limit on how many projects a company can have assessed by protexIP/OnDemand for free from now through Dec. 31, Henderson added. Prior to the offer, the service was priced at US$6,000 per 25MB project.
Black Duck’s raison d’etre isn’t to provide one-time assessments of a company’s software, but to supply customers with automated compliance tools on an ongoing basis, Henderson said. ProtexIP/OnDemand provides a “first step” or a “baseline” for firms to find out where they are in terms of the open-source software contained in their applications, he added.
The company is hoping that “thousands of users” will opt for the free version of protexIP/OnDemand, according to Henderson. “We call it the ‘no excuses program,’” he said. “There’s no reason why someone wouldn’t come and try it, there’s no obligation.”
Black Duck doesn’t currently break out the number of customers for its hosted service, but since its introduction in March, customers have used protexIP/OnDemand “to process millions of lines of code,” Henderson said.
Black Duck also sells protexIP/Development, an enterprise management service which shipped last year and is based on the same code as the hosted service.