A Canadian company is hoping to help corporate enterprises avoid litigation and improve due diligence around software by creating a product that tracks outside code or other assets that make their way into the development of applications.
Protecode, based in Ottawa, recently began reaching out to selected users to trial its product, Tracker, which consists of a client running on the developer station and a global intellectual property attributes database that contains information about third-party and open source code that may end up in an application. Tracker is designed to detect, log and identify external content by checking for matches in the database or violations of company policies, and Protecode’s Reporter generates customised reports on the logs. The product will initially be launched for use in software developed on Eclipse and later Microsoft’s .Net and Visual Studio.
Mahshad Koohgoli, Protecode’s founder and CEO, said issues around intellectual property (IP) and software came up frequently when he was developing his last firm, Nimcat Networks, which was acquired by Avaya in 2005.
“For a number of reasons – for investment, for partnership with tier-one companies – always the question of the IT IP ownership came up,” he said. “Depending on who the due diligence party was, we either had to sign basically our life away swearing to the Lord we know that all our IP is ours, or else they would send their own lawyers to look into it.”
In forming a relationship with Siemens, for example, Koohgoli said Nimcat was asked to replace a piece of open source code with something proprietary. Taking it out, testing the new APIs and other steps meant the process took about four months.
“It turns out that’s normal. We saw the same story over and over again,” he said. “When you have 30, 35 people developing a piece of software, it’s hard to keep track. The CEO doesn’t know what’s in the product, I assure you. It turns out nobody knows. We are at the mercy of the developers and maybe their immediate managers.”
Protecode users can create a simple one-page “policy capture” that defines what kinds of software licence combinations are unacceptable in an application development project, or which organization’s code shouldn’t be used. Its plug-in runs in the background during development and simply records what files are brought into a project and what’s cut and pasted or downloaded. Then it warns developers of any issues with the code, and they can comment on it. This creates a software “pedigree” that will reassure senior management, Koohgoli said.
George Wowk, a Calgary-based lawyer who specializes in intellectual property and software-related cases, said a software development policy should be incorporated into employee agreements, because turnover in the industry means employees could be walking around with their previous employer’s IP.
“You don’t want them to bring in the old code when they’re working on your project,” he said. “That being said, it’s often difficult for a third party to determine whether or not a company’s software includes their IP. If it’s been compiled, you don’t necessarily see it.”
IP in software is becoming more fluid, Koohgoli pointed out. Besides open source repositories, code can be downloaded from Google or brought in via outsourcing partners. Protecode should not slow application development projects down, however.
“The whole intention is that it will be painless to adopt in terms of the installation, operation and pricing,” he said.
Protecode hasn’t worked out full pricing details, but Koohgoli said he is considering a subscription model.