Black Duck Provides Open-Source Legal Tool

Black Duck Software has released code designed to help attorneys wade through the multifaceted intellectual property (IP) issues around open-source software.

As part of its protexIP solution suite, protexIPTM/license management allows corporate legal teams to manage commercial and open-source software licenses and implement IP business policies across software development projects globally, according to the company.

“As open-source and third-party components proliferate and become nested in increasingly complex applications, the challenge of assuring compliance with licensing obligations becomes overwhelming without a comprehensive compliance platform,” said Karen Copenhaver, executive vice president and general counsel of Black Duck.

“ProtexIP/license management empowers the lawyer’s oversight of the development process, from helping define and implement open-source policy to approval of software release,” she continued.

Help for Attorneys

Black Duck executives are betting that too many corporate attorneys are left trying to solve IP issues at the end of the development process, and reason that decisions made under the pressure of a product shipment deadline may not be based on the best information.

The new software seeks to eliminate that pressure by providing a way to resolve issues early and avoid delays and costly source code reviews or potential legal problems. Attorneys can use the compliance management system to govern how software assets are created, managed and licensed.

Meanwhile, the software brings up a question as to whether Black Duck could find itself in hot water with those in the open-source camp who believe open-source software should not be restricted by copyrights. Could what appears like a breakthrough for open-source be another round of controversy in the making?

Likely To Embrace

Steve O’Grady of research firm Red Monk told LinuxInsider that the entire open-source community may very well welcome Black Duck’s latest ware with open arms.

“Tracking individual licenses to particular contributions to make sure that derivative works comply with whatever licensing restrictions the original code had attached to it could potentially help open source,” said O’Grady. “Anything that makes applying the licensing and making sure compliance is a simpler process is a good thing.”

O’Grady said companies need to be aware of the source of borrowed code, i.e. whether it is original or open source. If it is open source, he said, then companies need to be careful to comply with the required licensing restrictions, particularly with GPL, which mandates that any derivative works, additions or changes are made available as open source.

Instant Feedback

Attorneys interact with protexIP/license management using a specially designed Web console to translate their company’s software licenses into a set of license attributes for the protexIP solution suite. Once they’ve entered, attorneys and developers can be immediately informed of potential conflicts with business policies, and of issues relating to license compliance.

From the Black Duck KnowledgeBase of more than 200 existing open-source licenses attorneys can create a customized license template that can be used to identify conflicts between the company’s business goals and the obligations applicable to licensed components in their software.

“As more and more open-source software applications are made available worldwide, companies and their legal departments must adapt with effective approaches to software licensing compliance,” said Ira Heffan, attorney at Testa, Hurwitz & Thibeault.

“Integrating licensing review into the software development process, a cornerstone of Black Duck’s technology, should be a great help to teams trying to deliver software products on budget and on schedule,” Heffan said.