Black Duck IP Tool Keeps Open Source Out Of Hot Water

With software developers all over the world creating untold millions of lines of code daily, a knowledge base that sorts out intellectual property (IP) aspects of that software has been created by a Massachusetts firm.

"We've created a comprehensive knowledge base of open source software code prints and third-party binary code prints," said Douglas A. Levin, CEO of Black Duck Software, in an interview this week. "It's a huge problem the Internet has created, because of this huge collaboration." Levin noted that software is being created in many different international locations, often for a single project.

Black Duck's new Enhanced Due Diligence program is aimed primarily at helping lawyers, IT execs, and investors carry out due diligence to determine and document "the pedigree of software assets." Levin noted that the problem of determining IP origin for software has grown as new software is increasingly being created in countries such as China, India, and Pakistan.

"Many developers throughout the world don't respect IP," said Levin. "At the same time, many developers don't realize they may be violating IP." Black Duck's "automated code review" can pick up violations and through remediation efforts, help bring the code into compliance.

Participants in the Black Duck program receive training, materials, and cooperative sales and marketing assistance. Also included in the program is access to Black Duck's protexIP/ONDemand compliance management solution. Levin says important customers of the Enhanced Due Diligence program are lawyers conducting due diligence for mergers and acquisitions.Sean Belanga, of the GTC Law Group LLP, said the Black Duck program helps his firm differentiate its in-house software due diligence program. In a statement, he said: "In the last few years, our clients have become increasingly aware of the risks and rewards of open source software use, and due diligence focused on this issue has become the standard."

Levin said Black Duck has been building its knowledge base over the past three years, and he observed that users can add their own code prints to the database.

"We are the means by which companies can tell their own IP and the IP of others," he said. "In a number of cases, companies are going to complain of misappropriation of GPL and open source code."

Levin said Black Duck can usually determine whether a code violation was accidental or unintentional. "But, of course, we can't tell the motivation," he said.

And the name "Black Duck." What connection does it have to software code?"None," said Levin. "I found an injured black duck when I was seven years old. I nursed it back to health and released it. It was the best pet I ever had."