Senior vice president Peter Vescuso said what started as a business of open source license compliance has become an enterprise aimed at "the full lifecycle of application development."
"We're helping developers find the right components, evaluate them, and learn the security vulnerabilities. When a developer chooses a component we monitor new security vulnerabilities. They get a live feed for us."
Palamida launched a few years ago with a similar set of competences, but I observed that they are now focused on keeping enterprises current with changes in open source software.
"We still see them," Vescuso said. He noted he worked under Palamida CEO Mark Tolliver at HP back in the day.
Even more interesting than this success, however, is that there are many organizations resisting Black Duck's call. Google, for instance.
"Google announced Chrome and within a day the first vulnerability was found in Webkit. It's well known. Apple had fixed it. But Google wasn't using automated methods to track where vulnerabilities are. They had the same problem with Android."
Black Duck has yet to crack the Googleplex. "Google feels they're a very sophisticated organization, they know open source." Manual methods and hubris are his biggest competitors right now.
But despite all this, and the growing recession, Black Duck is quacking real loud right now. It will be fun to see how loud they quack when the storm really hits.