Cyber Security Institute

Tuesday, March 29, 2005

Black Duck debuts IP compliance software

Black Duck Software Inc. rolled out an on-demand service that allows developers and due diligence teams to examine software projects for open source code in order to make sure their licensing obligations are being met.

Called protexIP/OnDemand, the Internet-based service helps developers more quickly deal with compliance requirements related to intellectual property, which typically stem from things such as customer procurement, outsourced project validations, and internal compliance programs.

“Increasingly, businesses are being required to provide evidence that they are managing the origins of their software intellectual property. Consequently, development teams are being called on for in-depth compliance validations in support of specific business transactions,” said Doug Levin, Black Duck’s CEO.

The company has had approximately a dozen beta testers of the product over the past few months, including, which is in the business of providing objective travel information through its simultaneous search of almost 100 travel sites.

“Open source software has gained a strong foothold in the lower levels of the software stack and is likely to have a greater impact higher up in the software stack in the future. Organizations would be wise to gain a better understanding of open source licenses and intellectual property to comply with various licensing obligations,” said Dan Kusnetzky, program vice president at IDC’s System Software, Enterprise Computing Group.

Typically, developers are asked to manually analyze code line by line to validate its origins, with management and legal counsel often working in concert with them to evaluate those results and assure compliance.

An online service such as protexIP/OnDemand, however, automates that review process and thereby produces more accurate results, company officials contend.

The product uses Black Duck’s Code Print technology and open source Knowledgebase to identify thousands of open source programs that might have been inserted into the source code. After it identifies the code, the service can identify the license associated with the inserted code by polling its database of hundreds of different license types.
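The two-stage process the article describes (match fingerprints of a project's source against a knowledgebase of known open source code, then look up the license attached to each match) can be illustrated with a small scanner. The code below is an added example written for this page; it is not Black Duck's code and says nothing about how Code Print actually works. It assumes a fingerprint is the SHA-256 of a window of consecutive whitespace-normalized source lines, a constructed two-entry knowledgebase with SPDX license identifiers, a constructed obligation table, and a constructed project file in which one routine was copied from a GPL-licensed component and re-indented. Matching normalized windows rather than whole files is what lets the scan survive reformatting, which is the usual reason a line-by-line manual review misses copied code.

```python
"""Toy open source provenance scanner (hypothetical; not Black Duck's code)."""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

SHINGLE = 3       # consecutive normalized lines per fingerprint (assumption)
MIN_MATCHES = 2   # report a component only at or above this many hits (assumption)

# Constructed knowledgebase: component name -> (SPDX license id, reference source).
KNOWLEDGEBASE = {
    "tinyhash": ("GPL-2.0-only", """
static unsigned long djb_hash(const char *s) {
    unsigned long h = 5381;
    while (*s) {
        h = ((h << 5) + h) + (unsigned char)*s++;
    }
    return h;
}
"""),
    "clamplib": ("MIT", """
int clamp(int v, int lo, int hi) {
    if (v < lo) return lo;
    if (v > hi) return hi;
    return v;
}
"""),
}

# Constructed, heavily simplified obligation summaries keyed by license id.
OBLIGATIONS = {
    "GPL-2.0-only": "distribute corresponding source; derivative work inherits GPL",
    "MIT": "retain copyright and permission notice",
}

# Constructed project file: djb_hash was pasted in from tinyhash and re-indented.
PROJECT_FILE = """
/* utility routines for the widget service */
#include <stdlib.h>

// copied from a forum post years ago
static unsigned long djb_hash(const char *s) {
\tunsigned long h = 5381;
\twhile (*s) {
\t\th = ((h << 5) + h) + (unsigned char)*s++;
\t}
\treturn h;
}

int widget_id(const char *name) {
    return (int)(djb_hash(name) % 1000);
}
"""


def normalize(source: str) -> list[str]:
    """Collapse whitespace and drop blank and comment-only lines, so that
    re-indenting or commenting a copied snippet does not defeat matching.
    The comment heuristic is deliberately crude (it also drops '#include')."""
    out = []
    for line in source.splitlines():
        line = re.sub(r"\s+", " ", line.strip())
        if not line or line.startswith(("#", "//", "/*", "*/", "* ")):
            continue
        out.append(line)
    return out


def fingerprints(source: str, k: int = SHINGLE) -> set[str]:
    """SHA-256 of every window of k consecutive normalized lines."""
    lines = normalize(source)
    return {
        hashlib.sha256("\n".join(lines[i:i + k]).encode()).hexdigest()
        for i in range(len(lines) - k + 1)
    }


def build_index(kb: dict = KNOWLEDGEBASE) -> dict[str, set[str]]:
    """Invert the knowledgebase: fingerprint -> component names containing it."""
    index: dict[str, set[str]] = defaultdict(set)
    for name, (_license, src) in kb.items():
        for fp in fingerprints(src):
            index[fp].add(name)
    return index


def scan(source: str, kb: dict = KNOWLEDGEBASE, min_matches: int = MIN_MATCHES) -> dict:
    """Stage 1: count fingerprint hits per component. Stage 2: attach the
    license and obligation for each component that clears the threshold."""
    index = build_index(kb)
    hits: dict[str, int] = defaultdict(int)
    for fp in fingerprints(source):
        for name in index.get(fp, ()):
            hits[name] += 1
    report = {}
    for name, n in hits.items():
        if n >= min_matches:
            lic = kb[name][0]
            report[name] = {
                "license": lic,
                "matches": n,
                "obligation": OBLIGATIONS.get(lic, "unknown; review manually"),
            }
    return report


if __name__ == "__main__":
    for component, info in scan(PROJECT_FILE).items():
        print(f"{component}: {info['license']} ({info['matches']} fingerprint hits)")
        print(f"  obligation: {info['obligation']}")
```

The `MIN_MATCHES` threshold is the practical caveat: a three-line window such as a closing brace followed by a `return` is common to unrelated code, so a single hit is weak evidence, while a run of consecutive hits covering a whole function is strong evidence that it was copied. A real service would also have to handle files whose license header was stripped, which is why the license is looked up from the matched component rather than read from the scanned file.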

Posted on 03/29