Black Duck Hunts Open Sources Legal Pitfalls

The startup prepares products to address intellectual-property problems in code before they can become legal troubles.

Black Duck Software Inc. has a different idea to help software developers avoid legal woes: an auditing and management tool for detecting and managing proprietary and open-source code in programs.

The company will demonstrate a beta version of its software at this weeks LinuxWorld in New York and said the final product should ship "early in the second quarter."

In light of The SCO Group Inc.s legal claims that its Unix code has been incorporated into Linux, the mixing of open and proprietary code has become a growing issue for independent software vendors. In theory, the presence of open-source code deeply linked into a software product could render the entire package subject to an open-source license. The reverse—closed source within an open-source program—could also lead to intellectual-property troubles.

With these concerns in mind, Black Duck founder and CEO Doug Levin in December 2002 decided to start looking at technical ways to approach possible legal pitfalls. "We did a whole lot of market research in the first quarter of 2003, and we saw that there was both a clear need for some kind of approach and developers were aware of this," Levin told "So in April, we started working on the programs architecture."

Black Ducks isnt the only effort being made to sort out open and proprietary code. Eric Raymond, one of the open-source movements founding fathers, has created Comparator and Filterator, a pair of tools for quickly finding common code segments in large source trees. Black Duck is attempting to create a program that not only finds common code segments but identifies which software license applies to them.

"I recognized enormous gap in intellectual-property rights were not being addressed in the development cycle, in large part because of the communications gap between developers, project managers and business managers," Levin said. "Frequently, project managers didnt know enough about open source to know if there was a problem. They become the hub between development teams and a companys legal departments.

"So, in one case, when a problem was uncovered late in the development cycle, it resulted in a six-week delay. What Black Duck wants to do is to get rid of the friction between management levels and to minimize IP software risks."

Levin emphasized, "This isnt just for open source; its for proprietary as well. We also want to help people find reusable code in their projects."


Its an unusual project, and so far, Black Duck has survived on private funding. However, Levin confirmed that "were now looking for venture capital. We felt it was important to have a product and customers before seeking VC money. We wanted to be on our best footing and not repeat the dot-com mistakes of having only ideas and no product."

The Chestnut Hill, Mass., company also is working on major partnerships with auditors as well as software and hardware vendors. However, Levin said, "We cant announce anything yet. People have bought into the concept, and they want to see it work. The people were talking to see a great demand for this kind of program. Were seeing interest from our potential partners both for their software-development customers and for their own internal programming needs."

Black Duck is also seeing interest from IP legal and insurance firms. It is getting legal advice from Foley Hoag LLP, a Massachusetts-based, 240-attorney law firm, and other firms in developing its products.

Levin is already looking beyond the companys first release. "We want to develop software around IP risk management. Were in the business for the long haul. We hope to have expanded product line for vertical industry segments and horizontal players. We expect our first customers to be government agencies, large enterprises and software vendors." He said Black Duck also expects business from companies dealing with software outsourcers: "Many U.S. companies are putting trust in programming in foreign countries, but they dont know if theres any IP risk in this software. Our programs will help protect them."