I am of two minds concerning the Black Duck release on encryption in open source.
On the one hand it's interesting to know that 4,000 out of 220,000 tested (less than 2% if you're scoring at home) contain strong encryption, the kind the U.S. still thinks of as "munitions grade."
On the other hand, there is no reason to panic, as Dr. Dobb's did. And a close look reveals this release is basically a product launch for Black Duck Export, a new feature in its "watch out, look out, over there" suite of offerings that includes warnings on copyrights and other important issues.
The image that often comes to mind when I think of Black Duck is of Daffy and his friends flying across the sky when Elmer Fudd & Co. start blasting from down below. On the other hand lawyers and spies can also use Black Duck software, so security through obscurity may be a bad move.
For the government this is an opportunity to choose its attitude regarding encryption, which has been an issue for software developers going on 20 years now. Pretending that the U.S. is the only home of this stuff is just plain silly, and rules should be uniform. The encryption wars should have ended a decade ago.