
Black Duck Expands Its IBM Rational Ties

The company's integrated app helps hunt down open source software and ensure licensing compliance.

Black Duck Software has integrated its flagship software compliance management solution with IBM Rational Portfolio Manager. The integration links Black Duck's protexIP product, which checks for open source intellectual property in applications, with IBM Rational's enterprise IT life-cycle analysis tool.

The integration isn't the first of its kind for Black Duck. The protexIP product also works with a number of IBM Rational solutions, including ClearCase, Application Developer for WebSphere and Rational Software Architect, which are based on the Eclipse development platform.

Black Duck's integration shores up further support for developers in the Rational Eclipse space. Black Duck also plays a role more broadly in the Eclipse Foundation. For example, Black Duck was selected late last year to ensure that software submitted to the open source Eclipse Foundation meets that body's software licensing requirements.

Black Duck's products are used by both enterprises and software developers. The solutions sort through Java objects, code and binaries to validate the compliance of an application's code base with open source licensing agreements. They also work to ensure regulatory compliance.

In addition to protexIP, Black Duck offers a separate product called exportIP, which is for U.S. companies exporting abroad and international companies exporting into the U.S. market. The exportIP solution validates cryptographic algorithms in a code base and identifies any export restrictions.

In the United States, software development companies are restricted by Export Administration Regulations (EARs), as described in Parts 730 to 774. The regulations restrict U.S. companies from releasing software products to six embargoed countries (Cuba, Iran, Iraq, North Korea, Rwanda and Syria). The rules also prohibit certain strong encryption capabilities in the software.

Black Duck primarily supports enterprises by addressing their copyright and management needs, according to Doug Levin, Black Duck's president and CEO. The solutions help in two ways, Levin said. First, they perform a code analysis that delivers a build of materials to the customer. Second, they generate a report that lists intellectual property issues.

Licensing associated with open source code carries some business risk, but it's manageable, Levin said. There are about 59 license approvals by the nonprofit Open Source Initiative; in addition, people have written licenses on top of that. All told, Black Duck's solutions monitor more than 3,000 licenses, he added.

Black Duck offers behind-the-firewall, enterprise-class solutions, as well as on-demand hosted solutions. Levin said that the majority of Black Duck's customers use the installed solution. However, software companies going through a merger-and-acquisition process may select the hosted solution instead, he added. Black Duck's hosted solution for estimating due diligence in mergers and acquisitions is called transactIP.

In addition, Black Duck has a professional consulting company that ships out "a delta team" to help companies with compliance issues, Levin said.

Black Duck counts the majority of the top 50 companies as its customers, Levin said, adding that Black Duck currently has more than 350 enterprise customers.

About the Author
Kurt Mackie is a Web editor at the Redmond Media Group.

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.