The first of Black Ducks earlier programs, protexIP/development, provides companies with an extensive license and source-code knowledge base that can be used to rapidly identify instances of open-source software and associated license conflicts in developers code trees.
Its companion service, Black Duck protexIP/registry, enables software vendors to place their code in the knowledge base, after it has been scanned for IP violations by the protexIP/development module.
With this pair, developer and managers can track open source and a companys own code during the software development process. ProtexIP/license management takes the next step of moving software development IP issues from the programmers room to the lawyers office.
With protexIP/license management, a companys in-house counsel, or an outside law firm working with a business via an extranet, can look for possible IP issues during a programs evolution from starting idea to shipping product.
"This will be very useful for companies trying to introduce methodologies to address licensing issues," said Black Duck founder and CEO Doug Levin. In turn, this will mean that the "process will enable companies to avoid costly code reviews, software audits, bad public relations and legal fees," he said.
This problem exists, Levin said, because "virtually all companies that develop software are now working in a mixed-IP environment, where software is created on ever-increasing layers of previous work, without knowledge of copyrights and license restrictions." At the same time, "companies want to take advantage of the benefits that open-source software solutions provide."
However, by using the Black Duck suite, companies can "identify open-source software mixed with company-developed software" and "determine the license restrictions of the open-source software and if theyre compatible with company business goals and policies." Finally, with the Web interface-based program, company attorneys and managers can "manage and track resolution of issues during, and not after, the development process."
Newly hired senior product manager Keith Erskine said resolving issues early can pay off well. "With protexIP/license management, companies can get the lawyers in the loop early. Usually, IP issues were addressed late in the development cycle." Because any IP problems were handled as last-minute details, companies often faced expensive delays in rolling out software.
This isnt just an issue for ISVs. "Were finding companies now that have software compliance teams, albeit they may go under different names. The people in charge of IT want to know now if there are any IP issues with the software coming into their companies," Erskine said.
Testa, Hurwitz & Thibeault LLP, a leading Boston law firm, is already using protexIP in its multidisciplinary Open Source Task Force.
The law firm is finding it useful in counseling its operating-company clients—as well as venture capitalists and institutional investors—on open-source issues in the areas of software development, IP infringement and IP due diligence in venture capital financings, M&A (merger and acquisition) transactions and IPOs (initial public offerings).
Black Ducks programs, though, are useful for more than just companies using open source or the law firms that advise them. The software also can be used to track proprietary code and licenses within a companys IT framework.
Black Ducks chief market, however, is with companies using open source. With this new program, Levin confidently said, "Businesses can use open source safely."
The program, which requires the use of protexIP/development, will be available Monday. Its starting license fee is $9,500 for a two-seat license.