Black Duck Software Inc. is making its protexIP/OnDemand software-compliance assessment service available free of charge from Tuesday through the end of the year, according to a company executive. The service analyzes software projects to determine whether they contain any pieces of open-source code and ensure that the code meets licensing obligations.
The offer includes support and the training needed to use the hosted online service, according to Paul Henderson, vice president of marketing at Black Duck. The move is a bid to net the startup more customers while also encouraging wider use of legally compliant open-source software, he said in a phone interview Tuesday.
The company made the announcement Tuesday at the O’Reilly European Open Source Convention in Amsterdam.
“There’s a lot of angst in companies of all sizes who’ve not been paying attention to open-source usage,” Henderson said. Firms are coming under increasing pressure to get a handle on whether their software contains any open-source components, and, if so, to ensure that any licensing and legal obligations are met, he added. This is also the case for companies required to carry out due diligence in relation to pending mergers and acquisitions, with would-be purchasers looking to obtain “a clear picture of the pedigree of [a firm’s] software,” Henderson said.
ProtexIP/OnDemand can detect open-source fragments as small as 10 lines to 20 lines of code using the company’s digital Code Print technology and its open-source KnowledgeBase, according to Henderson. It can then identify the license associated with the open-source piece of code and highlight any potential conflicts between that license and any relevant license restrictions or business policies.
The service can handle individual software projects up to 25M bytes in size, equivalent to around one million lines of code, he said. There is no limit on how many projects a company can have assessed by protexIP/OnDemand for free from now through Dec. 31, Henderson added. Prior to the offer, the service was priced at US$6,000 per 25M-byte project.
Black Duck’s raison d’etre isn’t to provide one-time assessments of a company’s software, but to supply customers with automated compliance tools on an ongoing basis, Henderson said. ProtexIP/OnDemand provides a “first step” or a “baseline” for firms to find out where they are in terms of the open-source software contained in their applications, he added.
The company is hoping that “thousands of users” will opt for the free version of protexIP/OnDemand, according to Henderson. “We call it the ‘no excuses program,’” he said. “There’s no reason why someone wouldn’t come and try it, there’s no obligation.”
Black Duck doesn’t currently break out the number of customers for its hosted service, but since its introduction in March, customers have used protexIP/OnDemand “to process millions of lines of code,” Henderson said.
Black Duck also sells protexIP/Development, an enterprise management service aimed at large teams of people collaborating on software projects, which shipped last year and is based on the same code as the hosted service. The company’s customers include Laplink Software Inc., Orbitz LLC, Samsung Electronics Co. Ltd. and SAS Institute Inc., according to Henderson.
Privately owned Black Duck is based in Waltham, Massachusetts. To date, the company has raised $17 million in venture capital funding with investors including Intel Capital, Red Hat Inc. and SAP Ventures.