Black Duck Software pioneered the automation of mixed-origin software component reuse management. The company’s products and services allow organizations to analyze the composition of software source code and binary files, search for reusable code, manage open source and third-party code approval, honor the legal obligations associated with mixed-origin code, and monitor related security vulnerabilities. Black Duck is considered a technology industry leader and is often cited in media articles about open source. [1] [2] [3]
Black Duck Software maintains an extensive knowledge base of open source and third party components - most of which are available on the Internet. In the knowledge base, each component is characterized by metadata such as license, language, version, author, and known vulnerabilities. Black Duck products use this information to facilitate search, selection, approval, validation and tracking of software components. Black Duck Software maintains the open source search engine Koders.
The availability of open source software code on the Internet enables software developers to download open source code and incorporate it into run-time environments and new software under development. Since the code is obtained without being purchased, this practice can bypass traditional procurement management and legal review. [4]
The use and redistribution of open source code is governed by a variety of software licenses, specifically open source licenses, some of which are quite complex. The terms and obligations of these licenses can conflict with one another or with an organization’s goals. The most common open source license is the GNU General Public License, or GPL, which includes obligations to credit the original author and copyright holder and to distribute the source code along with any derivative work.[5] The Black Duck Software website includes a free service providing information and analysis about open source licenses.[6]
Open source software creates an efficient business model, incorporating a collaborative software development model. [7] However, modifying or redistributing open source while failing to honor open source license obligations creates legal liability for corporations and their officers. [8] In 2007, open source license infringement litigation went to court in the U.S. for the first time in a suit filed by the Software Freedom Law Center. [9] According to Mark Radcliffe, Deputy General Counsel for the Open Source Initiative, as current and future suits are decided, important case law precedents will be established about the remedies available to open source plaintiffs. [10]
This is the context in which a niche market has developed for products and services from companies such as Black Duck Software that provide automation and information to manage the complexity of emergent composite software development models while avoiding business and legal risks.
History
President and CEO Douglas Levin (Doug Levin) founded Black Duck in 2002, at a time when litigation over open source and software intellectual property began in the United States, including the high-profile SCO v. IBM case. The idea struck him that there should be an automated way to keep track of and verify software code origins.
Black Duck Software began shipping its first product, Protex, in 2004. In July 2004, the company had its first round of venture capital funding for $5 million, with investments from Flagship Ventures and General Catalyst Partners. [11] [12]
In June 2005, a second round of funding added $12 million in investment capital led by Fidelity Ventures of Boston and including Intel Capital (a division of Intel Corporation (Nasdaq: INTC)), SAP Ventures (a division of SAP AG) and Red Hat (Nasdaq: RHAT), along with existing investors Flagship Ventures and General Catalyst Partners.[13] Throughout 2005, the company created partnerships with other open source organizations, including Red Hat[34], the Open Source Software Institute, SourceForge, and Olliance Group.
During 2006 Black Duck integrated Protex with the IBM Rational [35] management platform [14] and released the exportIP product.[15] Also in 2006, the company expanded its distribution network to include resellers in Australia, New Zealand, [16] the UK, [17] Israel, [18] and Korea. [19]
In February 2007, Black Duck Software completed a third round of venture capital investment for $12 million, led by Focus Ventures and also including existing investors.[20] The company joined the Open Solutions Alliance [21] in April 2007, received IBM SOA Specialty acceptance in October [22] and, in November 2007, added distribution partners in Hong Kong. [23] Also in November 2007, the company began a distribution partnership with NEC in Japan. [24]
On January 28, 2008, Black Duck introduced Black Duck Code Center. On April 28, 2008, it was announced that Black Duck Software would acquire the assets and technologies of the open source code search engine Koders. The Koders search engine will remain free of charge. [25]
Products
Black Duck Software products include Protex, Transact, Export, and Code Center. Each application uses the Black Duck KnowledgeBase to identify and manage the reuse of open source and third party code.
The Black Duck KnowledgeBase is continuously updated with downloadable code from Internet sites and software vendors, including development kits, proprietary applications, and the Linux, Solaris, Windows, and Mac OS operating systems. Each component entry in the KnowledgeBase is populated with metadata including name, description, version, type, URL, software license, programming language, and security vulnerability data. The KnowledgeBase also contains open source and proprietary licenses, with the full license text and encoded attributes for each license. Subscribers receive regular KnowledgeBase updates. [26]
Black Duck Protex scans a code base to identify conflicts between business policies and code used, and keeps track of issue resolution progress. Different user interface views present information for software developers, managers, and legal counsel. [27]
Black Duck Transact is a hosted solution offering short-term use of Protex and the KnowledgeBase on Black Duck Software’s server grid. Reports specific to the process of merger and acquisition due diligence are created along with a list of software components in the form of a bill of materials. [28]
Black Duck Export automates cryptography export compliance management for software and software-driven products. This product compares software code against U.S. Federal export regulations for encryption and prepares reports used to fill out the required disclosure forms. [29]
Black Duck Code Center is a role-based system used to search, select, approve and track open source and other externally produced software components. Developers use the Code Center search engine to find new and pre-approved code and to discover where candidate components are being used in their organization's code base. Code Center automates the review and/or approval of software components by coordinating communication among identified stakeholders, such as legal counsel, open source review boards, information security, quality assurance, and others. It issues role-specific reports and alerts and provides threaded discussion forums. Code Center builds one or more catalogs of internally approved components along with a rule base of approval criteria for each project, making the approval process faster as time goes on. To validate a code base, Code Center issues a bill of materials (BOM), which identifies all externally produced components within a project. Then, Protex is used to check that the actual BOM matches the approval criteria for that project. [30] [31]
Services
Black Duck Professional Services offer consulting about software compliance, open source software use and creating code reuse policies and procedures using Black Duck products. Black Duck also offers training and customer support services. [32]
Partners & Alliances
Black Duck Software collaborates in various ways with other companies and organizations in the open source sphere.
Technological integration with IBM Rational adds Black Duck functionality to executive-level software management. Open source consultancies work with Black Duck Software to help their clients adopt and implement open source policies that honor licenses while capturing the cost savings of open source software reuse.[33] Similarly, Black Duck has established partnerships with a number of law firms to provide accurate determination of software pedigree—especially helpful when preparing software asset valuation for mergers and acquisitions.[34]
Black Duck is a member of the Eclipse Foundation, the Open Solutions Alliance, and the Open Source Software Institute. Black Duck initiated the Compliance Vanguard Alliance to work with other open source technology firms by providing educational events and information to encourage best practices in managed open source adoption.[35]
Trivia
The company was named after a pet duck that founder Doug Levin found and nursed back to health when he was seven years old. [36] According to the Wikipedia article on the American Black Duck, the bird has long been considered a prize game bird, as it is “fast on the wing.”
See also
- EnterpriseDB - Develops and supports Postgres Plus Advanced Server, a commercial product based on the open-source PostgreSQL database
- FOSSology - Open source string-search tool, launched in January 2008 by Hewlett Packard
- Funambol - Funambol provides both commercial and open source software for mobile applications
- GroundWork - Provides open source software to deliver IT & network monitoring solutions
- JasperSoft - Open Source Business Intelligence
- Ohloh - Open source network that connects people through the software they create and use
- Palamida, Inc. - Distributor of open source software development tools
- Sourcesense - Sourcesense is a pan-European systems integrator and service provider specializing in open source
References
1. “Open source lands in the enterprise with both feet,” InfoWorld, 6 August 2007.
2. “Quacking Through Licensing Complexity,” San Diego Times, 6 August 2006.
3. “Battles over open source carve niche for startup,” Boston Business Journal, 14 December 2007.
4. “Taming the Open-Source Monster,” Waters Magazine, 1 June 2006.
5. GNU General Public License.
6. Black Duck Open Source License Resource Center.
7. “Breaking the rules with open source,” CNET News.com, 2 August 2004.
8. “Taming the Open-Source Monster,” Waters Magazine, 1 June 2006.
9. “On Behalf of BusyBox Developers, SFLC Files First Ever U.S. GPL Violation Lawsuit,” 20 September 2007.
10. “The Software Freedom Law Center Files first Enforcement Action for General Public License,” 20 September 2007.
11. “Black Duck Software Gets $5 Million,” Wall Street Journal, 26 July 2004.
12. “Black Duck Software secures $5M in Series A,” Mass High Tech: The Journal of New England Technology, 23 July 2004.
13. “Black Duck Software raises $12M in 2nd VC round,” Boston Business Journal, 6 June 2005.
14. “Black Duck Software Expands Integration Of protexIP/development 4.0 In Ready For IBM Rational Software Validation Program,” Enterprise Open Source Magazine, 7 December 2006.
15. “Black Duck debuts US encryption compliance,” InfoWorld, 16 October 2006.
16. “Open Source Firm Black Duck Expands Reseller Network In Australia And NZ,” AjaxWorld International, 2 August 2006.
17. “Black Duck flies into UK with Atos Origin,” Computing, 30 June 2006.
18. “Black Duck Software Expands International Reach With New Distribution Partners in Israel and the United Kingdom,” Press Release, 14 November 2006.
19. “Black Duck's CEO Douglas Levin to Deliver Keynote at LinuxWorld Korea,” Press Release, 5 June 2006.
20. “Valley firms join $12M Black Duck round,” Silicon Valley San Jose Journal, 14 February 2007.
21. Open Solutions Alliance home page.
22. “Black Duck Software Accepted Into the IBM SOA Specialty,” Press Release, 15 October 2007.
23. “Black Duck Software Further Expands its Presence in the Far East,” Press Release, 19 November 2007.
24. “NEC and Black Duck Software Partner to Offer Software Component Management Solutions in Japan,” Press Release, 19 November 2007.
25. “Black Duck acquires Koders.com.”
26. KnowledgeBase product page.
27. Protex product page.
28. Transact product page.
29. Export product page.
30. Black Duck Code Center product page.
31. Linux Insider: Black Duck Offers Developers a New Tool to Manage Code.
32. Professional services page.
33. Black Duck partners page.
34. Black Duck legal partners page.
35. Compliance Vanguard Partners page.
36. Black Duck name page.





