
Black Duck Software Press Releases

Black Duck Boosts Suite Usability and Performance with Enhancements to Protex

Tue, 02/09/2010 - 18:15
Protex 5.1 offers improved search and performance for large enterprise code sets, builds on expanded KnowledgeBase

WALTHAM, Mass., February 10, 2010 - Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software, today announced enhancements to Protex, the code analysis engine that is a core component of the Black Duck Suite, a comprehensive platform for managing the use of open source in a multi-source development process.

Protex version 5.1, available immediately, provides faster, more precise code search capability with significant performance boosts. Enhancements include:

  • Faster - For enterprise users running code scans and analysis on very large data sets, performance enhancements will speed searches on computer-intensive activities - such as calculating a Bill of Materials for a complex software application - by up to a factor of five.
  • Improved search - The Protex 5.1 Advanced Search function, based on Lucene 2.9, offers the ability to use leading wildcard characters and allows improved query structure. Named searches can now be 250 characters in length.
  • KnowledgeBase enhancements to the Suite include 10,000 new projects, 600 new sites and over 300 new open source licenses. This version also shows release dates for projects allowing users to more easily match their code with a specific release. With the most comprehensive KnowledgeBase in the industry, customers have increased confidence in the code analysis results versus competitive offerings.


“Enhancements to the Protex 5.1 module of the Black Duck Suite significantly improve productivity and speed of analysis,” said Bill McQuaide, EVP of Products and Strategy, Black Duck Software. “Unlike other code analysis tools, the Suite can quickly search and analyze enterprise-scale code bases comprised of hundreds of megabytes of code. For our enterprise customers - the majority of whom have chosen the Black Duck Suite - the performance and search support enhancements provide a distinct competitive advantage.”

For more information on Protex 5.1 and the Black Duck Suite visit www.blackducksoftware.com.

About Black Duck Software

Black Duck Software is the leading provider of products and services for automating the management, governance and secure use of open source software, at enterprise scale, in a multi-source development process. Black Duck™ enables companies to shorten time-to-market and reduce development costs while mitigating the management, security and compliance challenges associated with open source software. Black Duck Software powers Koders.com, the industry’s leading code search engine for open source, and is among the 500 largest software companies in the world, according to Softwaremag.com. The company is headquartered near Boston and has offices in San Francisco, Paris, Tokyo and Hong Kong, as well as distribution partners throughout the world. For more information, visit www.blackducksoftware.com.

Black Duck, Know Your Code and the Black Duck logo are registered trademarks of Black Duck Software, Inc. in the United States and other jurisdictions. Koders is a trademark of Black Duck Software, Inc. All other trademarks are the property of their respective holders.

Press Contacts

Peter Vescuso
Black Duck Software
press@blackducksoftware.com
+1 781-891-5100

Ann Dalrymple
TopazPartners
adalrymple@topazpartners.com
+1 781-404-2432

 

Categories: Vendor

Black Duck Software Awarded Patent for Core Technology That Automatically Resolves Software License Obligations and Conflicts

Tue, 02/02/2010 - 06:00
Black Duck Suite examines code, mitigates risk and ensures compliance, making open source easier to use

WALTHAM, Mass., February 2, 2010 - Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software, has been granted a patent protecting core technology that can automatically identify license obligations and resolve license conflicts for legally-protectable content (e.g. software, multimedia, video, audio, textual representations, works of art, visual representations, technological know-how, business know-how, contract rights, and/or software elements, etc.).

US Patent No. US 7,552,093 B2 covers technology at the heart of the Black Duck Suite, a comprehensive management platform for controlling the use of open source in a multi-source development process. The patented technology allows the Black Duck Suite to scan an organization’s code base of open and closed-source software components using various licenses to determine which license obligations are in effect and which license obligations may be in conflict.

With this patent, the Black Duck Suite goes beyond competitive offerings, scanning code according to license attributes, restrictions, uses and interactions against the Black Duck KnowledgeBase of hundreds of thousands of open source projects, which use more than 1,800 open source licenses. The Suite provides development organizations with tools that effectively automate the search, selection and compliant integration of open source components, making the low-cost economics of open source available at enterprise scale.

“This patent represents core technology in the pioneering Black Duck application,” said Bill McQuaide, EVP of Products and Strategy, Black Duck Software. “In these difficult times more and more customers are turning to multi-source development using OSS to stretch resources. Open source components are free but all come with license obligations that need to be met,” added McQuaide. “Customers are building new apps and services with dozens or hundreds of components. Black Duck’s technology enables organizations to ‘design in’ compliance and eliminate or minimize potential human error in manual license checking, saving time and money and mitigating legal risk and exposure from unmet license obligations.”

The patented technology is especially powerful when used in large-scale development projects, where customers build applications from dozens or hundreds of components. As enterprises using multi-source development with open source software create software products, applications, and services by combining smaller building blocks of software - each of which may have its own unique license obligations - the Black Duck Suite automatically compares license obligations, identifies conflicts between the sub-components, and automatically suggests license alternatives.

For more information on patent US 7,552,093 B2 or the Black Duck Suite, visit www.blackducksoftware.com.


Black Duck Software Names Open Source Rookies of 2009

Tue, 01/19/2010 - 11:59
New Projects reflect the breadth of open source innovation in Cloud computing, Gaming, Health Care, Mobile

WALTHAM, Mass., January 19, 2010 — From a Twitter client for World of Warcraft to a natural language processing system for the clinical health care community, open source projects have the answer to an increasing range of development challenges, according to Black Duck Software, which today announced its 2009 open source ‘Rookies of the Year’ list.

Working from a list of over 19,000 new projects launched in 2009, Black Duck evaluated project popularity using a scoring system that awards points for the number of releases within a project, the number of developers involved, and the number of web sites linked to the project. After auditing its findings and normalizing scores, Black Duck determined the top 10 Rookie projects.

Spanning mobile, healthcare, cloud computing, gaming and social media/collaboration, the Rookies exemplify the flexibility - and time-to-market advantage - of open source.

The Black Duck Rookies of the Year for 2009 include:

  1. Live Android - for those who want to try Android without buying a phone, Live Android lets the user run Android on his or her PC without affecting other files.
  2. Open Health Natural Language Processing - developed by the Mayo Clinic and IBM, the project gives medical clinicians and researchers access to unstructured textual documents (e.g., pathology reports, clinical notes, etc.)
  3. Mobile Browser Definition File - provides all the information needed to adaptively render content for mobile phones and devices, presenting server applications with a set of 67 capabilities or properties - from screen size to cookie support - to describe a mobile client device.
  4. Redis (REmote Dictionary Server) - An advanced key-store database which supports very fast, persistent access to a dataset. A simple way of storing data and a concept that can scale to the cloud.
  5. Smasher - Audio loop slicer designed to create striking effects from WAV, MP3, FLAC or AIFF files in seconds without a sequencer. Effects include filter sweeps, phasing, flanging, delay, and distortion.
  6. AbiCloud - Infrastructure software for the creation and integral management of public and private clouds based on heterogeneous environments. The project aims to offer users a tool with the capacity for scaling, management, automatic and immediate provision of servers, storage, networks, and virtual network devices, as well as applications.
  7. Transdroid - Remote torrent client for Android that supports faster downloads of large video, audio or software files.
  8. Rainmeter - This customizable PC resource meter can display various performance data in different formats. Rainmeter can measure CPU load, allocated memory, network traffic, performance data, uptime, free disk space, and more.
  9. TweetCraft - This World of Warcraft add-on enables players to send and receive tweets using Twitter without leaving the game; automatically upload and post screenshots using TwitPic (shares photos on Twitter) and automatically tweet certain in-game events such as achievements.
  10. Native Client - Runs x86 native code in web applications, with the goal of ensuring browser neutrality, OS portability, and safety.

“The Rookies of the Year projects represent some of the hottest areas in software – cloud, gaming, mobile, healthcare – and open source at its best, communities identifying problems and developing solutions in an open, collaborative process,” said Peter Vescuso, Executive Vice President, Black Duck Software. “Some of the projects are niche and others are well-known, but all represent the broadening innovation and influence of open source software.”

Black Duck also identified five Honorable Mention projects led by Android. Read more about these projects at the Black Duck blog: http://blog.blackducksoftware.com/?p=571.

Black Duck spiders the Internet for open source code, collecting information about projects and code into the Black Duck KnowledgeBase, which contains information on more than 230,000 open source projects from more than 4,500 unique websites. For additional information on Rookie open source projects, visit www.blackducksoftware.com.


Black Duck Software Growth Surges in 2009, Closes Year with Substantial Gains

Wed, 01/13/2010 - 06:00
Year-over-year bookings grow 37%

WALTHAM, Mass., January 13, 2010 — Shattering growth records for Q4 and 2009 overall, Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software, today announced a record Q4 and 2009 performance that saw the company achieve a 37 percent year-over-year growth in bookings for the year.

Growing market awareness of the importance of managing and controlling the use of open source software fuelled Black Duck’s momentum and contributed to robust Q4 sales, with world-class companies SAP, Compuware, and SITA signing on as new customers.

In surpassing its 2009 bookings plan, Black Duck grew its presence in all key business sectors, with mobile and enterprise software deals leading the wave.

Black Duck’s services business also grew significantly (30%) in Q4, with the software IP assessments business up 31% year-over-year and rising to 34% sequentially from Q3 ‘09 to Q4 ‘09, signaling resurgence of the M&A market.

Black Duck helps its customers’ development organizations improve efficiency and accelerate time-to-solution using a multi-source development process that combines open source software with internally-developed and third-party code. Black Duck solutions enable the widespread use of open source software while mitigating the associated management, compliance and security challenges.

“2009 was a difficult year for many companies, but Black Duck’s products and services helped companies stay competitive, effectively managing resources and reducing cost and risk,” said Tim Yeaton, CEO and President. “Black Duck’s value proposition – making it simple to use open source code at enterprise scale - helps our customers develop software and products more effectively, increasing competitive advantage.”

Fiscal year 2009 year-end successes include:

  • Breakthrough growth in a difficult economy. Fiscal year 2009 saw the launch of the Black Duck Suite, which contributed to a bookings surge of 37 percent year-over-year against 2008 - with 2H 2009 annualized growth even higher. The company’s subscription and professional services business grew substantially, with software IP assessments posting growth of 85 percent for the second half of the year, signaling a return to growth in the mergers and acquisitions market.
  • Achieved positive management operating income in Q4 and for all of 2009. Billings exceeded total expenses for the quarter and the entire year due to the company’s strong management of income and expenses.
  • International expansion continues with Tokyo office. In addition to maintaining international offices in Hong Kong, Frankfurt and Paris, the company opened a Tokyo office to serve channel partners and customers in the Asia-Pacific region.
  • New customer growth. The company added 45 new customers in Q4, ending the year with more than 700 customers. New customers reflect strength in the enterprise software and mobile and telecommunications sectors.
  • Significant enhancements to Koders.com. Black Duck broke the 2.5 billion lines of code mark with Koders.com, its free open source code search engine. Black Duck has increased the open source software code available through Koders.com by 400 percent since acquiring the site in 2008.
  • Awards and Recognition in 2009:
      • Named to Piper Jaffray’s list of "Nifty 150" private cloud computing companies.
      • Named to Software Magazine Software 500 ranking of the world’s largest software and service providers for the second year in a row. The company moved up 26 places in the rankings. The Software 500 is a revenue-based ranking of the world’s largest software and services suppliers.
      • Named to the SD Times 100. Recognized in the Tools and IDE categories for products and services that support multi-source development.
      • Named a 2009 voke Innovator. Recognized for helping developers use open source code and transforming the application lifecycle through innovation.


Listen to a podcast interview with Tim Yeaton, CEO and President of Black Duck Software reviewing 2009 and looking at 2010 open source trends by visiting http://ducks.blackducksoftware.com/~webmedia/_Podcasts/BDS-Tim-Yeaton-1-11-10.mp3


Black Duck Software and Koders.com identify 2009's most popular computer language keywords

Mon, 12/28/2009 - 19:11
“12 Days of Code Search” based on hundreds of thousands of searches performed on Koders.com

Waltham, Mass – Dec. 28, 2009 – Koders.com, the leading software code search engine, today issued a summary of the most popular computer language keywords, files and projects used by developers in December, 2009. Analyzing search engine trends in a number of different computer languages, the “12 Days of Code Search” is based on hundreds of thousands of searches and downloads performed by thousands of users.  Results were compiled and analyzed by Black Duck Software, the leading provider of products and services for automating the management, governance and secure use of open source software at enterprise scale.

Powered by Black Duck Software, Koders.com is a free code search website serving tens of thousands of unique visitors per day. Koders.com includes 2.5 billion lines of open source code collected from more than 4,500 Internet sites. Black Duck has increased the open source software code available through Koders.com by 400 percent since acquiring the site in 2008. To identify the most popular open source software keywords and projects and to access code, visit Koders.com.
 

Findings from 2009’s “Twelve Days of Code Search”

C-language
Most popular search keyword: include
Most downloaded file: cdefs.h from the snort project
Most viewed C-language project: GNU Core Utilities

C++
Most popular search keyword: windows.h
Most downloaded file: GPSInterface_Serial.cpp from the Roadnav project
Most viewed C++ language project: TONG

Java
Most popular search keyword: java
Most downloaded file: BTree.java from the Java LDAP Server project
Most viewed Java language project: Java LDAP Server

JavaScript
Most popular search keyword: window
Most downloaded file: javascript.js from the PHP MMORPG project
Most viewed JavaScript language project: eGroupWare

PHP
Most popular search keyword: forum
Most downloaded file: demo31_show_who_is_online-chat.php from the phpFreeChat project
Most viewed PHP language project: PHP MMORPG

Perl
Most popular search keyword: readdir
Most downloaded file: autorun.pl from the Ethereal Darkness project
Most viewed Perl language project: ActivePerl

Python
Most popular search keyword: wxpython
Most downloaded file: fog.py from the Cygwin Ports - QScintilla (Qt3) project
Most viewed Python language project: DocEng Toolkit

SQL
Most popular search keyword: oracle
Most downloaded file: Create Trigger Basic Template.sql from the sqlWebArchitect project
Most viewed SQL language project: sqlWebArchitect

C#
Most popular search keyword: gridview
Most downloaded file: socketMembers.cs from the Networking .NET Class Library – NetCl project
Most viewed C# language project: ImageMaster

Delphi
Most popular search keyword: thread
Most downloaded file: IcsMD5.pas from the Simple Reverse Proxy (pxy) project
Most viewed Delphi language project: FreePascal

Ruby
Most popular search keyword: socket
Most downloaded file: echo_cli.rb from the RubyPKI project
Most viewed Ruby language project: Dango

As a 12th day surprise for the community, Black Duck announced that it has added about 100 million lines of code (LOC) to Koders.com, officially breaking the 2.5 billion LOC barrier. Billions more lines of code are covered by Black Duck in its KnowledgeBase. “Our goal is to make the code in the KnowledgeBase available as a free resource for the global development community,” said Peter Vescuso, Executive Vice President, Black Duck Software. “In addition, we are productizing the code search in Koders so that developers can apply search to their own code, inside the firewall. We call it Black Duck Code Sight™, and it’s available free for use with up to 5 million or fewer lines of code, and also as an upgradeable Enterprise Edition. We believe code search is a significant productivity booster for software developers, and are excited, on the 12th day of code search, to make Code Sight available to developers,” added Vescuso.


Press Contacts

Peter Vescuso
Black Duck Software
press@blackducksoftware.com
+1 781-891-5100

Tim Allik
TopazPartners
tallik@topazpartners.com
+1 781-404-2410


Black Duck Software Announces Enterprise Code Search Initiative for the Black Duck Suite

Tue, 12/15/2009 - 06:00
Details Rollout for Enterprise Code Search

WALTHAM, Mass., December 15, 2009 — Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software, today announced Black Duck Code Sight™ as part of its Code Search Initiative designed to empower developers and enterprises by providing comprehensive code search capability as part of the Black Duck Suite. The search technology comes from Black Duck Koders.com, the leading open source code search site.

The code search initiative has three phases: expansion of open source code available at Koders.com; release of Black Duck Code Sight Enterprise Edition and Free Edition for enterprise code search, and an open integration framework initiative for community expansion of integrations with source code management systems.

Available today, Koders.com, the free code search web site serving tens of thousands of unique visitors per day, has been expanded to now access over 2.5 billion lines of open source code. Black Duck has increased the code freely available via Koders.com by 400 percent since acquiring the site in 2008.

The company also plans a Q1 2010 addition to its Black Duck Suite: Black Duck Code Sight, an enterprise code search capability. Based on the proven scalable search technology behind Koders.com, Code Sight powers a number of public sites including the corporate developer network of one of the largest technology companies in the world. Code Sight expands the current capability of the Black Duck Suite beyond searching metadata associated with open source projects, with the addition of source code search to greatly enhance developer productivity and code quality.

Code Sight will index and make software searchable across multiple source code repositories for local or geographically distributed development teams. With this addition, the Black Duck Suite will provide comprehensive code search -- open source component metadata as well as an organization’s internal source code – that can increase developer productivity by finding code quickly, locating and tracking down bugs faster, and reducing redundant development. Code Sight will integrate securely and seamlessly with a customer’s existing source code management systems and developer workflows.

“With the addition of Code Sight, the Black Duck Suite will help developers realize even greater productivity gains and further accelerate software development,” said Tim Yeaton, CEO and President, Black Duck Software. “By enabling the search of both metadata and source code, we are giving developers more powerful ways to find the code they need, when they need it, in compliance with company policies, all the while giving them up-to-date version, license and security data about that code. It’s a powerful suite of tools that will enable developers to be more agile and productive, and provide competitive advantage to their companies.”

Also in Q1, Black Duck will release Code Sight Free Edition, a free version of the enterprise code search product designed to be used by teams of developers and community projects. Code Sight Free Edition will be fully functional with capacity for up to five million lines of code. Code Sight Free Edition can be upgraded to Code Sight Enterprise Edition. Developers interested in being notified about the availability of the free or enterprise version can register at: www.blackducksoftware.com/code-sight

To enrich its code search offerings, in Q1 Black Duck will launch an open integration framework initiative to enable customers and partners to expand source code repository integration with Code Sight. Code Sight comes with built-in integration for IBM Rational ClearCase, Subversion, Git, Microsoft Team Foundation Server and other open source and commercial source code management systems. The addition of the open framework initiative will enable community-led expansion of additional source code repositories.

For more information on Black Duck software see www.blackducksoftware.com. Visit Black Duck’s free open source search engine at www.koders.com. To sign up for Code Sight Free Edition, register at: www.blackducksoftware.com/code-sight


Black Duck Software Offers Five-Point Checklist to Guide Successful Deployment of Applications Built with Open Source Software

Tue, 12/08/2009 - 06:00
Checklist helps organizations overcome barriers to OSS adoption, leading to more efficient software development processes

WALTHAM, Mass., December 8, 2009 - Open source software (OSS) has garnered interest from commercial software developers and enterprise IT managers as a way to cut costs, increase efficiency and speed time-to-market, but many remain unsure how to integrate and manage open source deployed in their applications and systems.

Black Duck Software (www.blackducksoftware.com), the leading global provider of products and services for accelerating software development through the managed use of open source software, has reviewed thousands of successful OSS deployments and developed a five-point checklist that can be used by software companies, where concerns about intellectual property and licensing risk can inhibit OSS adoption, and enterprise IT executives, where risk to infrastructure and operations are obstacles to deployment of OSS code.

Jeff Durand, VP of Professional Services at Black Duck Software, notes, “Enterprise IT executives want to get more out of investments in technology and reduce complexity. They worry about managing the thousands of applications used in their operations and are concerned that applications with OSS code may create risk and be difficult to manage. Developers, conversely, are looking for code reuse. They are concerned with increasing the velocity of development, reducing complexity and increasing innovation. Open source, properly implemented, is an answer for both groups.”

Durand recommends developers and enterprises use a five-point checklist to ensure successful deployment of OSS code.

  1. Have a written, explicit OSS strategy - Know what you are trying to do with open source, and develop a disciplined OSS policy and set of practices, advises Durand. Automation through tools that identify OSS code and any license dependencies is a critical first step. “Automation makes development organizations more efficient and builds quality into the process,” he observes. “Manual processes are not fast enough to aid in the discovery of hidden or potentially encumbered code. The more automation is in place, the better able a developer will be to take advantage of OSS code.” Automation also minimizes the impact of OSS compliance policies on developers, who can stay focused on developing rather than tracking code provenance.

  2. Integrate with other systems, especially build and change management tools - Integrating with a company’s build system is a natural and convenient place to check compliance, scan for third-party and OSS code and identify conflicts. Finding issues early in the development cycle will save effort later.

  3. Check all possible sources for incoming OSS - A single-source application or code base is the exception, not the rule, in today’s global development infrastructure, says Durand. Code can come from many sources - OSS forges, community projects, third-party developers. Pointing to Microsoft’s recent brush with undetected OSS code, Durand notes that outsourcing software development has become a best practice - leaving software companies and enterprise IT departments with doubts about code provenance. “Your developers, external developers and contractors are part of your software supply chain,” he says. “You need a best practice that describes how to manage inbound code, an institutionalized policy for managing third-party and OSS code, and a documented process that the entire organization can understand and support.”

  4. Drive efficiency by identifying and standardizing on OSS components - A lack of control in the development process can leave a company with 10 different XML parsers, multiple libraries with similar functionality, or logging and bug-tracking systems that offer largely the same features. Standardizing on an approved set of OSS components (e.g., Tomcat, log4j, zlib, etc.) by establishing a process and system for bringing in and evaluating components eliminates the need to test and get approval for the same components over and over. “We recommend creating an approved set of components that is accessible and usable by the entire development organization,” says Durand. “For example, the Black Duck Suite includes a platform and workflow to create a catalog of approved components. Developers can check the approved list first before spending the effort to find a component on their own, getting it approved, etc.” The key, adds Durand, is to standardize on proven OSS components as a best practice using appropriate process, rigor and review of incoming code.

  5. Contribute back to avoid forking code - A big part of the OSS experience is giving back to the community. Some licenses explicitly state how code must be returned to the community. If your development plans include using OSS, it’s a good idea to think from the start about contributing code back, including bug fixes. Not only will this eliminate the need for your organization to maintain its code as a separate fork, Durand points out, it is also a good example of cooperative development at work and helps you maintain a good working relationship with the community.

For more information about Black Duck’s Five-Point Checklist, listen to the podcast with Jeff Durand, VP of Professional Services, Black Duck Software at http://ducks.blackducksoftware.com/~webmedia/_Podcasts/BDS-Jeff-Durand-12-08-09.mp3. For more information on Black Duck Software and the Black Duck Suite, visit www.blackducksoftware.com.

Categories: Vendor