Tim Yeaton, CEO of Black Duck Software, spent some time with me recently providing an update on what his company is doing. It was good to have a few moments to catch up with Tim. We have been acquaintances for quite some time. We worked together at Digital Equipment Corporation. I was involved in X86/UNIX and he was involved with RISC/UNIX efforts for the company. He went on to lead several startups and was recently Red Hat's CMO.
Here's how the company describes itself:
Black Duck Software is the leading provider of products and services for automating the management, governance and secure use of open source software in multi-source development at enterprise scale. Black Duck™ enables companies to shorten time-to-solution and reduce development costs while mitigating the management, security and compliance challenges associated with using open source software.
Black Duck Software powers Koders.com, the industry’s leading code search engine for open source, and is among the 500 largest software companies in the world. The company is headquartered near Boston and has offices across the U.S., Europe and Asia, and has distribution partners throughout the world.
Increasing use of open source
Organizations, feeling pressure to reduce costs and become much more efficient, have been increasingly using open source software as a way to both accelerate their development efforts and reduce their overall costs of development (see Jay Lyman's recent blog "Open source means costs savings").
Snapshot analysis
Adopting open source software as part of the organization's software portfolio, while clearly helpful from one perspective, can be tricky from another. Organizations taking this route face some new requirements:
- They really need to have a good understanding of the implications of the many open source licenses so that they can know what they can and can't do with derivative works.
- They need to consider what happens, from a licensing perspective, when code protected by different open source licenses is combined to create new applications or tools.
- If they're in a regulated industry, they need to understand what requirements they face for documentation in case they are audited.
It is clear that this is an area in which many need help.
Does your organization use open source technologies? What is your organization doing to track the use of this technology? What steps are you taking to create a proper audit trail?