Open Source Risk Management: a chat with Doug Levin, Black Duck’s CEO
Black Duck Software is an intellectual property management firm based in Waltham, Massachusetts delivering services to identify risks and vulnerabilities in an enterprise’s open-source code.
Doug Levin, Black Duck’s CEO, was available today for a phone call to tell me more about how they help organizations use open source software and third-party code components while managing software licensing obligations and other business risks.
Firms offering intellectual assets giving “horizontal” support, meaning companies that sell services not related to a specific package and not related to software development, could play an important role in the European market.
While Asia and the USA are historically more acquainted with buying his services, Doug claimed that the European market would develop in the near future, and he cited several open source projects (Mandriva, ZEA and Alfresco among others) that the company has already worked with, both directly and indirectly. SourceSense, among others, is already partnering with them in three different countries, while two other medium-sized German IT firms are also Black Duck customers.
Software patents are not central to business accelerators for Black Duck; copyright and 3rd party and OSS license violations are central to Black Duck’s services, products and training.
Talking about takers of GPL, Doug stated:
So far small GPL projects associated with FSF were the first to go. We are seeing GPLv3 adoption in relatively small numbers and not being adopted by large projects. SugarCRM and Samba were exceptions in this respect.
Doug and I agreed on the fact that SugarCRM made the best decision by not abiding by the OSI “badgeware” approved license, and instead choosing the GPLv3, a license which is much closer to the community.
I am looking forward to meeting him soon in Europe, and to letting you know more about how Black Duck is going to help the European open source ecosystem.
Mark Radcliffe 3:44 pm on November 17, 2007
While I have great respect for Doug, I know that you will soon see more major commercial projects adopting GPLv3. I know that several of my commercial clients are seriously considering it, but are waiting for their next revision to make the announcement. I think that we need to wait until a year after the release of GPLv3 to understand the full extent of its adoption. For more thoughts on open source issues, you can go to my blog. http://www.lawandlifesiliconvalley.blogspot.com.
Roberto Galoppini 6:03 pm on November 17, 2007
Hi Mark, thanks for joining the conversation. Today I just wrote about a mobile platform that will be licensed under GPLv3 terms.
I agree with you, only educated customers can make such a choice at this stage, that is good for you, right? 😉
Doug Levin 7:50 pm on November 17, 2007
I enjoyed my convo with Roberto, love his blog and agree with Mark Radcliffe that in a year it will be a different license landscape. It will take time for software developers to figure out the merits of v3 relative to other OSI approved licenses.
Black Duck tracks license trends at http://www.blackducksoftware.com/oss. We are fastidious about only tracking deployed projects with licenses, not merely projects that express their intent to license in blogs and press releases.