Black Duck Code Services Take Flight

The service from Black Duck Software provides open-source license validation and management, code detection, software registry, training, consulting and support.

Black Duck Software, an information services company offering IP risk management and mitigation solutions, on Monday announced the immediate commercial availability of its first comprehensive source-code services program, protexIP for software IP management.

The service provides open-source license validation and management, code detection, software registry, training, consulting and support. Within it, there are two offerings: protexIP/development and protexIP/registry.

The services aim to help commercial software developers and enterprise buyers manage software intellectual property (IP).

To do that, Black Duck protexIP/developmentSM has an extensive license and source-code knowledge base that can be used to rapidly identify instances of open-source software (OSS) and associated license conflicts in developers code trees.

Its companion service, Black Duck protexIP/registrySM, enables software vendors to place their code in the knowledge base after it has been scanned for IP violations by the protexIP/development module.

The point of protexIP is to help software developers enjoy the benefits of working with open-source software by mitigating any IP risks that might exist throughout the development life cycle.

Today, companies that seek to address IP issues in their software development do so by tasking developers, management and in-house legal counsel with reviewing code for possible IP violations.

"Most software companies care greatly about the issues of software licensing and copyright infringement, but its been a grueling, manual process to stay in compliance," said Douglas A. Levin, president and CEO of Black Duck Software Inc.

"Black Ducks automated solutions take much of the complexity and pain out of finding and tracking open-source code in source code."

In an interview, Levin said the solutions also can be used in reverse. Once a company has placed its code in the knowledge base, "It can also check suspicious program code on the Net to see if their program has been leeched out into the Internet."

As it comes from Black Duck, the knowledge base contains the codeprints—a unique digital signature—of OSS source code from,,, and Python.

Levin said Black Duck is trying to cover the most frequently visited and active projects such as Linux and Apache, along with less active programs.

"We have a spider team who spend all their days finding open-source repositories and rendering codeprints of projects," Levin said. "We currently have 35GB of codeprints in our database. By late 2005, we expect it to go to 200GBs taking into account the growth of open-source projects."

Next Page: The softwares server component can be set to obey business policies.