The Many Faces of Open Source Business: Black Duck grows

Black Duck Software – an intellectual property management firm delivering services to identify risks and vulnerabilities in an enterprise’s open-source code – takes advantage of the absence of corporate actors to offer open source services not based on code production.

Few months ago I had an interesting chat with  Doug Levin, Black Duck’s CEO, to know more about how they help organizations to use open source software. Later I reported about the Koders’ acquisition and how it might affect Black Duck offering. Black Duck has more than 600 customers, and “quacks” loud, and I took the chance to ask Peter Vescuso, Senior Vice President of Marketing and Business Development, something more about Black Duck.

In 2002, Black Duck simultaneously pioneered the use of advanced ‘code print’ technology to automatically discover open source and embarked on the creation of our KnowledgeBase which we believe to be the industry’s most comprehensive database of open source software and associated license and other information. The initial applications of our products were predominantly for compliance by development organizations looking to find if they had open source in their code base, as well as due diligence for mergers and acquisitions. As a result of our early work and lead with this technology, and our work and reputation in M&A, Black Duck has become a de facto standard in the due diligence process when significant software assets are being acquired.

Talking with open source entrepreneurs and IP lawyers, many refer to the use of Black Duck professional services as a verb, i.e., “have their software ‘black ducked.’” At this regard Vescuso says that to date Black Duck has been involved in M&A deals valued at over $30B.

Managing open source governance it is also about managing hybrid development, right?

 In fact we see a new paradigm of software development for corporate development organizations that we refer to as ‘hybrid development’ where by open source is mixed with proprietary and other code to deliver applications and services faster, better and cheaper than traditional methods. The difference in hybrid development is that the use of open source brings to the development process unique requirements that need to be met for governance, management and security. Black Duck provides solutions to all these challenges and integrates with existing software development processes and tools. As an example of integration with leading tools, we recently became certified with IBM Rational Build Forge which manages the “assembly” phase of the software development lifecycle and automates the process of creating a deployable application. Black Duck products can be deployed as a ‘process’ integrated within the Build Forge framework to provide a seamless flow of work in the development process.

Black Duck recently joined the Linux Foundation and FOSSBazaar. Why?

The Linux Foundation is helping to accelerate the adoption and use of open source through industry forums and initiatives. We feel that we bring a significant body of expertise and a point of view around open source software with regards to open source licensing, security, and management. We look forward to working with the Linux Foundation and its members to reduce the barriers to open source adoption and raise awareness of its benefits.

Also, in addition to joining the Linux Foundation, we recently joined the Linux Foundation’s governance workgroup FOSSbazaar. We have seen the need from many of our customers for ‘best practices’ around open source policy and process. This is an area that is impeding open source adoption – many of our customers look to us and the community for help — so we look to collaborate with the community to develop best practices, tools, etc. We find open source users from corporate development organizations use FOSSbazaar making it an active community, and one where we can help, as well as learn ourselves.

The open source long tail is still too long, and while open source vendors like OpenLogic, SourceLabs and SpikeSource struggle to keep up with idiosyncratic customers’ needs, firms like Black Duck are appropriating returns from the commons in original ways.

The business side of open source has definitely many faces.

Technorati Tags: commercial open source, open source business, Black Duck, PeterVescuso, DougLevin, FOSSBazaar, Linux Foundation