Open-source code finder aims to prevent lawsuits

Black Duck has launched an application designed to spot open-source code in proprietary software - and make sure companies don't get into legal hot water

US-based Black Duck Software on Monday released code designed to allow lawyers to resolve the intellectual property issues around open-source software.

This is the latest offering from the company, which released two IP products for developers in May this year. protexIP/development highlights potential licence issues by consulting a knowledge base of open-source code and the licences associated with it, while protexIP/registry lets a company's employees register the code it has developed in that knowledge base, to assure customers and partners that it has followed best practice in software compliance.

Black Duck claims that software vendors often resolve IP issues only at the end of the development process, when they're under the pressure of a looming product shipment deadline. Its latest product, protexIP/license management, aims to help users avoid this by enabling corporate legal teams to monitor open-source code throughout the software development process.

Doug Levin, chief executive officer of Black Duck Software, told ZDNet UK that as increasing numbers of companies integrate software components sourced from outside the company, there is a growing need to monitor this process. Levin claims that managing IP issues is complicated by the quantity of open-source code available and the number of licences in use.

The Black Duck product uses a 50GB knowledge base, which is updated with new code from the open-source community by spiders that trawl the Web for open-source code, and by monitoring 250 leading open-source projects and community Web sites such as Apache, Sourceforge and Freshmeat, according to Levin.

Levin claims that the product has information on more than 225 licences -- including the 50 licences listed by the Open Source Initiative.

Black Duck currently has 12 customers, including the Boston-based law firm Testa, Hurwitz & Thibeault, which has been beta testing the protexIP/license management tool, according to Levin.

Gary Barnett, a research director at Ovum, said the vast majority of companies do not need such a product. Proprietary software vendors tend to be smart about the risks of open-source software and are already handling them without third-party software, for example by maintaining lists of approved open-source licences, he said.

However, Barnett agreed that the risk of litigation by open-source organisations over licence breaches is likely to increase over time.

"We can expect the open-source community to be increasingly litigious -- because they have a right to be," said Barnett.

Such lawsuits have already taken place, including a recent case in which the author of the open-source networking software netfilter successfully sued the Dutch company Sitecom for breaching the General Public License (GPL).