As open source software pushes its way further into the enterprise, a new set of risks has arisen regarding IP (intellectual property). The problem is that developers happily borrow code from various projects to save themselves from having to reinvent it. This help is all well and good as long as the resulting software complies with the licenses of the donor projects. The problem managers have is that they cannot know what parts of their code base comes from open source projects. A code snippet reused from a newsgroup posting could actually have come from a copyrighted open source project. And its use could legally require the company to open source its entire product. If the company is an ISV, it might even be faced with being required to offer its product at no cost.
Until recently, managers had to rely on their developers to avoid this problem. Now they can automate the process of checking their code with protexIP 4.0 from Black Duck Software. The product compares in-house code with many code sources, such as open source projects, and reports on matches it finds. A supporting component enables managers and legal counsel to approve the use of specific open source licenses for borrowed code. The solution manages the license agreements and provides a bill of materials that shows the company's obligations for the open source it uses. The license management portion of the product is robust and well-designed. The code analysis and identification, however, leave much to be desired.
Prepping for flight
Black Duck offers protexIP in two basic flavours. One version, protexIP/developer, resides locally at the customer site, with two separate editions available (Enterprise and Professional), differing in functionality. I reviewed Enterprise, the higher-end version of this product. The second version, called protexIP/on-demand, is a hosted edition of the same software that is typically used by IP attorneys and acquisition specialists who need to verify the provenance of software they're examining. Due to the size of the open source database, the on-site installation tends to require its own server. This server runs only on Linux.
In all cases, the client software is Java-based, so it runs on many platforms. To evaluate a code base, you marshal the code into a directory and point protexIP there. Unfortunately, protexIP does not integrate with source-code management systems, although an SDK enables developers to write interfaces should they wish to.
The software can analyse code in many programming languages and even compare binaries with known open products. It does this analysis by creating fingerprints of the source code and comparing them to the database of code prints the company has developed over the years. It then returns a summary of its findings (see screen image) in which it identifies files as being either green (no problem), yellow (awaiting identification), blue (pending approval), or red (definite problem). These colors refer to protexIP's view of how tolerable the applicable licensing terms are to a given site. For example, the Apache license might be acceptable to many sites, whereas the viral provisions of the GPL (General Public License) might lead some companies to preclude its use. A screen used by managers or legal counsel enables approvals to be set for every kind of open source software license requirements and thereby enable protexIP to raise a warning if a match on GPL code is found, for example.
The solution also flags situations in which licenses require conflicting actions from the user. To do this, it relies on a database of more than 650 open source licenses in which it has logged all requirements of the terms of use. This license management works well and will certainly help managers who rely on elements from open source projects know what their responsibilities are.
- +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Data grids and service-oriented architecture
Wireless LANs: Is my enterprise at risk?
Best Practice in Building an Integrated Information Management Strategy
Security Inside Out
Solve Exchange Mailbox Storage Issues Once and for All
Taking On Demand CRM Integration to the Next Level
Gaining Competitive Advantage Through Enterprise Planning
Email Archiving Implementation: Five Costly Mistakes to Avoid
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
How to Beef Up Your Sales Pipeline
Our economy may be heading towards a recession. Sales rates are dropping. Promotional campaigns are proving less effective than you would like. So how do you continue to grow your business and bring home the sales in such an environment? Download this white paper now to find the answers.
Buying Guides
Latest Products
Buying Guides
