Black Duck Buys SpikeSource, Hires Former Microsoft Open-Source Manager

Black Duck Software acquires the assets of SpikeSource and also hires Sara Ford, former program manager for Microsoft's CodePlex open-source project hosting site.

Black Duck Software, a provider of products and services for managing the use of open-source software, has acquired the assets of SpikeSource, a provider of software tools and services to automate application component identification and assess security vulnerability.

Among the technologies acquired was SpikeInsight, a cloud-based offering for automated application component identification and security vulnerability assessment; SpikeForge, a forge comprising 17 open-source projects; the Developer Community Forum, a group of forums associated with SpikeSource OSS projects, virtualization management technology and a number of other software assets.

Financial terms of the deal were not disclosed. The acquisition is Black Duck's third and its second in three months, following on the heels of Black Duck's acquisition of from Geeknet. is a free public directory of open-source software and a vibrant Web community of software developers and Free and Open Source Software (FOSS) users. Both acquisitions reflect Black Duck's accelerating growth trajectory-the company is currently growing 58 percent year-over-year in fiscal year 2010-and also further Black Duck's mission to promote FOSS adoption by making it easier for developers to take advantage of the growing body of high-quality code in FOSS projects.

Black Duck's Ohloh site is language- and forge-neutral, and the company will work with SpikeForge project managers to migrate FOSS projects currently hosted on SpikeForge, such as the extremely popular testgen4web testing tool, to independent forges.

"Our growth enables us to make acquisitions that increase the value of our offerings to our customers, while benefiting the FOSS community by making it easier for developers to find and use open source," said Tim Yeaton, CEO and president of Black Duck, in a statement. "Both the SpikeSource and Ohloh acquisitions continue our transformation from compliance tool provider to full life-cycle open-source enabler, community participant and FOSS advocate."

Black Duck will use technology from the acquisition to complement the Black Duck Suite, an enterprise-class solution to the management, compliance and security challenges associated with FOSS use at scale in enterprise application development, the company said. SpikeSource's Solution Analyzer helps developers understand what's in an application through binary scanning and connects to SpikeInsight, a cloud-based service providing guidance on compliance, compatibility and remediation issues.

"SpikeSource is a tremendous set of technologies and a natural fit with Black Duck Software," said Ray Lane, managing partner at Kleiner Perkins Caufield & Byers, and a member of the SpikeSource board of directors, in a statement. "SpikeSource's technologies complement those of Black Duck, and together create a compelling range of capabilities to help manage the use of open-source software by development organizations."

"We see demand for open source growing geometrically with the pressures of a volatile economy and highly constrained IT resources," said Melinda Ballou, program director for Application Lifecycle Management Service at IDC, in a statement. "This SpikeSource acquisition augments Black Duck's strong existing capabilities for open-source management as organizations must increasingly be able to find, access and manage OSS securely. The combined products resulting from this-in addition to and the company's prior portfolio-enable a highly differentiated open-source offering for Black Duck."

In related news, Black Duck hired a former Microsoft program manager to help run Black Duck hired Sarah Ford, former program manager for Microsoft's CodePlex site for hosting open-source projects, to be Black Duck's senior product and community manager for Black Duck said Ford brings nearly 10 years of experience building developer tools and engaging in developer communities. Her passion is to combine agile methodologies with community management to provide the best user experience possible to the Ohloh community.

In a Nov. 15 post on the Ohloh blog, Ford said:

""I spent the last 5 years promoting open source development on, Microsoft's open source project hosting site. During my tenure as the Program Manager for, I watched 10,000 open source projects get created on a forge hosted by Microsoft. I believe a large part of this success comes from utilizing agile methodologies to respond to community feedback via site enhancements. In upcoming posts, I'll talk about how agile is the most fundamental thing you can do to improve the user satisfaction of your site.""