Black Duck Software has announced exportIP, a new software compliance tool that helps organizations ensure that their software products do not violate government restrictions regarding encryption export.
Waltham, Mass.-based Black Duck announced its new offering at the Update 2006 Conference on Export Controls and Policy on Oct. 16.
The Update 2006 conference runs Oct. 15-17 in Washington, and is hosted by the Bureau of Industry Security, a unit of the U.S. Commerce Department that explains and enforces encryption rules.
The U.S. government has set rules for the maximum strength of encryption algorithms that can be exported internationally, and it imposes penalties for companies who violate those rules.
Black Duck officials said exportIP manages compliance with the rules and helps ensure they do not slow down the application development process.
Doug Levin, Black Ducks chief executive, said exportIP joins protexIP as the second product in the companys product line.
ProtexIP helps users manage compliance with open-source and proprietary licenses governing software code.
However, exportIP identifies encryption algorithms within software code and ensures that companies comply with export restrictions applicable to those algorithms.
Moreover, Levin said he believes exportIP is particularly applicable to Microsoft Windows developers, where the ubiquity of the software could mean that algorithms are being reused that have not been categorized in current projects.
Levin said Black Duck has worked closely with its customers over the past three years to develop a system that can manage compliance processes within developed code.
“With exportIP, export of encryption is the latest specific compliance check that system can execute,” Levin said in a statement.
Levin added that based on early conversations he has had with potential exportIP customers, he sees a lot of opportunity for the product.