Black Duck Software is set to unveil a new product that helps software makers ensure their products don't violate encryption-related export regulations.
ExportIP identifies encryption algorithms within software code and makes sure they abide by applicable export restrictions. The product includes role-based interfaces for different players involved in export encryption compliance. For example, developers can confirm the identification of algorithms, and export specialists can coordinate the review of projects by developers and submit any required government paperwork.
Companies that violate rules governing the strength of encryption algorithms, which can be exported internationally can be subject to serious penalties. The U.S. Bureau of Industry and Security cited a software company in May for allegedly violating encryption-related export rules and fined the company US$165,000, according to Black Duck. The Bureau of Industry and Security is a division of the Department of Commerce responsible for explaining and enforcing encryption rules.
Black Duck, which makes software compliance management products, plans to unveil exportIP at the Update 2006 Conference on Export Controls and Policy going on this week in Washington, D.C. The Bureau of Industry and Security is hosting the conference.
Black Duck's existing product line include protexIP, which helps companies manage compliance with the various open source and proprietary licenses governing software code.
"Given the nature of software development today, which involves pulling software code from a variety of sources, a software compliance system is vital," said Douglas Levin, CEO of Black Duck, in a statement. "Early conversations with potential exportIP customers show that many large software vendors will use exportIP to improve the efficiency of their established export compliance processes, which often involved manual, time-consuming checks. Smaller vendors can use the solution to identify encryption and explain compliance procedures."