Black Duck Software
From Wikipedia, the free encyclopedia
| Black Duck Software | |
|---|---|
| Type | Privately held |
| Founded | |
| Headquarters | Waltham, MA |
| Key people | Douglas Levin, CEO/President; Bill McQuaide, Senior Vice President of Product Development |
| Industry | Development Software |
| Products | Black Duck Code Center, protexIP, transactIP, exportIP, Professional Services |
| Website | www.BlackDuckSoftware.com |
Black Duck Software pioneered the automation of mixed-origin software component reuse management. The company’s products and services allow organizations to analyze the composition of software source code and binary files, search for reusable code, manage open source and third-party code approval, honor the legal obligations associated with mixed-origin code, and monitor related security vulnerabilities. Black Duck is considered a technology industry leader and is often cited in media articles about open source. [1] [2] [3]
Black Duck Software maintains an extensive knowledge base of open source and third-party components, most of which are available on the Internet. In the knowledge base, each component is characterized by metadata such as license, language, version, author, and known vulnerabilities. Black Duck products use this information to facilitate search, selection, approval, validation and tracking of software components. Black Duck Software maintains the open source search engine Koders.
The availability of open source software code on the Internet enables software developers to download open source code and incorporate it into run-time environments and new software under development. Since the code is obtained without being purchased, this practice can bypass traditional procurement management and legal review. [4]
The use and redistribution of open source code is governed by a variety of software licenses, specifically open source licenses, some of which are quite complex. The terms and obligations of these licenses can conflict with one another or with an organization’s goals. The most common open source license is the GNU General Public License, or GPL, which includes obligations to credit the original author and copyright holder and to distribute the source code along with any derivative work.[5]
Open source software creates an efficient business model, incorporating a collaborative software development model. [6] However, modifying or redistributing open source while failing to honor open source license obligations creates legal liability for corporations and their officers. [7] In 2007, open source license infringement litigation went to court in the U.S. for the first time in a suit filed by the Software Freedom Law Center. [8] According to Mark Radcliffe, Deputy General Counsel for the Open Source Initiative, as current and future suits are decided, important case law precedents will be established about the remedies available to open source plaintiffs. [9]
This is the context in which a niche market has developed for products and services from companies such as Black Duck Software that provide automation and information to manage the complexity of emergent composite software development models while avoiding business and legal risks.
History
President and CEO Douglas Levin (Doug Levin) founded Black Duck in 2002, at a time when litigation over open source and software intellectual property began in the United States, including the high-profile SCO v. IBM case. The idea struck him that there should be an automated way to keep track of and verify software code origins.
Black Duck Software began shipping its first product, protexIP, in 2004. In July of 2004, the company had its first round of venture capital funding for $5 million, with investments from Flagship Ventures and General Catalyst Partners. [10], [11]
In June of 2005, a second round of funding added $12 million in investment capital led by Fidelity Ventures of Boston and including Intel Capital (a division of Intel Corporation (Nasdaq: INTC)), SAP Ventures (a division of SAP AG) and Red Hat (Nasdaq: RHAT), along with existing investors Flagship Ventures and General Catalyst Partners.[12] Throughout 2005, the company created partnerships with other open source organizations, including Red Hat[35], the Open Source Software Institute, Sourceforge, and Olliance Group.
During 2006 Black Duck integrated protexIP with the IBM Rational [36] management platform [13] and released the exportIP product.[14] Also in 2006, the company expanded its distribution network to include resellers in Australia, New Zealand, [15] the UK, [16] Israel, [17] and Korea. [18]
In February of 2007, Black Duck Software completed a third round of venture capital investment for $12 million, led by Focus Ventures and also including existing investors.[19] The company joined the Open Solutions Alliance [20] in April of 2007, received IBM SOA Specialty acceptance in October [21] and, in November 2007, added distribution partners in Hong Kong. [22] Also in November 2007, the company began a distribution partnership with NEC in Japan. [23]
On April 28th 2008, it was announced that Black Duck Software would acquire the assets and technologies of open source code search engine Koders. The Koders search engine will remain free of charge. [24]
Products & Services
Black Duck Code Center
Black Duck Code Center is a role-based system used to search, select, approve and track open source and other externally produced software components. The Code Center search engine allows developers to find reusable code in the Black Duck KnowledgeBase, which is regularly updated over the Internet for subscribers. Black Duck Code Center automates the review and/or approval of software components by coordinating communication among identified stakeholders, such as legal counsel, open source review boards, information security, quality assurance, and others. It issues role-specific reports and alerts and provides threaded discussion forums. [25] [26]
Over time, Black Duck Code Center builds one or more catalogs of internally approved components along with a rule base of approval criteria for each project. These features make the approval process faster as time goes on. Developers can use Code Center to discover where a candidate component is used in their organization's code base. This feature is used when selecting code to reuse. It is also used by maintenance and security engineers when installing patches.
One Black Duck Code Center report is a bill of materials (BOM), which identifies all externally produced components within a project. Black Duck's other major product, protexIP, can then be used to check that the actual BOM matches the organization's approval criteria for that project.
protexIP
The protexIP product scans code in order to highlight conflicts between business policies and code used, and keeps track of issue resolution progress. Different user interface views present information for software developers, managers, and legal counsel. [27]
The protexIP/development product works with the Black Duck KnowledgeBase, which is regularly updated over the Internet for subscribers. The KnowledgeBase compares binary or source code against downloadable code from Internet sites and software vendors, including development kits, proprietary applications, and the Linux, Solaris, Windows, and Mac OS operating systems. The KnowledgeBase also contains open source and proprietary licenses, with the full license text and encoded attributes for each license. [28]
transactIP
The transactIP product is a hosted solution offering short-term use of protexIP and the Black Duck KnowledgeBase on Black Duck Software’s server grid. Reports specific to the merger and acquisition due diligence process are created along with a list of software components in the form of a “Bill of Materials.” [29]
exportIP
Black Duck exportIP automates cryptography export compliance management for software and software-driven products. This product compares software code against U.S. Federal export regulations for encryption and prepares reports used to fill out the required disclosure forms. [30]
KnowledgeBase
Black Duck continuously searches the Internet to find source code and key project/component information which is then added to the KnowledgeBase. Each component entry in the KnowledgeBase is populated with metadata including: name, description, version, type, URL, software license, programming language, security vulnerability data, and more.
As of early 2008, the Black Duck KnowledgeBase was reported to document over 150,000 open source and commercial software components and their licenses.[31]
Professional Services
Black Duck Professional Services offer consulting about software compliance, open source software use and creating code reuse policies and procedures using Black Duck products. Black Duck also offers training and customer support services. [32]
Open Source License Resource Center
The Black Duck Software website includes a free service providing information and analysis about open source licenses.[33]
Partners & Alliances
Black Duck Software collaborates in various ways with other companies and organizations in the open source sphere.
Technological integration with IBM Rational adds Black Duck functionality to executive-level software management. Open source consultancies work with Black Duck Software to help their clients adopt and implement open source policies that honor licenses while capturing the cost savings of open source software reuse.[34] Similarly, Black Duck has established partnerships with a number of law firms to provide accurate determination of software pedigree—especially helpful when preparing software asset valuation for mergers and acquisitions.[35]
Black Duck is a member of the Eclipse Foundation, the Open Solutions Alliance, and the Open Source Software Institute. Black Duck initiated the Compliance Vanguard Alliance to work with other open source technology firms by providing educational events and information to encourage best practices in managed open source adoption.[36]
Trivia
The company was named after a pet duck that founder Doug Levin found and nursed back to health when he was seven years old. [37] The Wikipedia article on the American Black Duck notes that it has long been considered a prize game bird, as it is “fast on the wing.”
See also
- Palamida, Inc. - Key commercial competitor
- FOSSology - Open source competitor, launched in January 2008 by Hewlett Packard
- Ohloh - Open source network that connects people through the software they create and use
References
1. "Open source lands in the enterprise with both feet," InfoWorld, 6 August 2007.
2. "Quacking Through Licensing Complexity," San Diego Times, 6 August 2006.
3. "Battles over open source carve niche for startup," Boston Business Journal, 14 December 2007.
4. "Taming the Open-Source Monster," Waters Magazine, 1 June 2006.
5. GNU General Public License.
6. "Breaking the rules with open source," CNET News.com, 2 August 2004.
7. "Taming the Open-Source Monster," Waters Magazine, 1 June 2006.
8. "On Behalf of BusyBox Developers, SFLC Files First Ever U.S. GPL Violation Lawsuit," 20 September 2007.
9. "The Software Freedom Law Center Files first Enforcement Action for General Public License," 20 September 2007.
10. "Black Duck Software Gets $5 Million," Wall Street Journal, 26 July 2004.
11. "Black Duck Software secures $5M in Series A," Mass High Tech: The Journal of New England Technology, 23 July 2004.
12. "Black Duck Software raises $12M in 2nd VC round," Boston Business Journal, 6 June 2005.
13. "Black Duck Software Expands Integration Of protexIP/development 4.0 In Ready For IBM Rational Software Validation Program," Enterprise Open Source Magazine, 7 December 2006.
14. "Black Duck debuts US encryption compliance," Infoworld, 16 October 2006.
15. "Open Source Firm Black Duck Expands Reseller Network In Australia And NZ," AjaxWorld International, 2 August 2006.
16. "Black Duck flies into UK with Atos Origin," Computing, 30 June 2006.
17. "Black Duck Software Expands International Reach With New Distribution Partners in Israel and the United Kingdom," Press Release, 14 November 2006.
18. "Black Duck's CEO Douglas Levin to Deliver Keynote at LinuxWorld Korea," Press Release, 5 June 2006.
19. "Valley firms join $12M Black Duck round," Silicon Valley San Jose Journal, 14 February 2007.
20. Open Solutions Alliance home page.
21. "Black Duck Software Accepted Into the IBM SOA Specialty," Press Release, 15 October 2007.
22. "Black Duck Software Further Expands its Presence in the Far East," Press Release, 19 November 2007.
23. "NEC and Black Duck Software Partner to Offer Software Component Management Solutions in Japan," Press Release, 19 November 2007.
24. "Black Duck acquires Koders.com."
25. Black Duck Code Center product page.
26. Linux Insider: Black Duck Offers Developers a New Tool to Manage Code.
27. protexIP product page.
28. KnowledgeBase product page.
29. transactIP product page.
30. exportIP product page.
31. "Black Duck Offers Developers a New Tool to Manage Code," Linux News, 28 January 2008.
32. Professional services page.
33. Black Duck Open Source License Resource Center.
34. Black Duck partners page.
35. Black Duck legal partners page.
36. Compliance Vanguard Partners page.
37. Black Duck name page.

