Open Source Governance: Black Duck keeps Quacking, an interview with Tim Yeaton

Black Duck Software, the intellectual property management firm headquartered near Boston with offices in San Francisco, Frankfurt, Paris, Tokyo and Hong Kong, announced the release of the Black Duck Suite, a unified framework bringing together three Black Duck products (Black Duck Code Center, Export and Protex).

Black Duck's survey, conducted among software developers gathered at the SD West Conference held this week in Santa Clara (California), revealed little awareness about compliance, security and management problems. Actually those issues are addressed by Black Duck products and services, and I asked Tim Yeaton, one of the new CEOs I met at the Open Source Think Tank last week, to tell me how he sees the market changing and how Black Duck's strategy fits in the big picture.

Industry analysts are reporting reuse of open source in software development on a much broader scale and across a wider set of application segments than ever before.  OSS adoption is being driven by the need to lower development costs while still creating solutions that deliver business value.  The current economic challenges only amplify this need.

Individual developers have known this for a while, and have enthusiastically taken advantage of OSS and often contributed to its creation or support.  The challenge now is to enable development organizations to realize the economic and time-to-solution advantages of OSS while managing the attendant risks and challenges.

Do you see IT managers making mistakes?

Within larger development organizations, broader OSS adoption brings with it a need for OSS policy, process and automation.  Many managers haven’t thought about key questions such as:

  • How do we provide developers the creative freedom to use any code – open source or their own code – without imposing overhead and slowing them down?
  • How do we rapidly identify and assess new opportunities to accelerate software projects using open source?
  • How can we dynamically manage and track the integration of OSS with our own proprietary and 3rd party code?
  • How do we develop a strategy & policy for broader use of OSS inside our company?
  • How do we address complexities of intellectual property, security, export compliance, version proliferation, etc… when we are using many OSS components in a variety of applications across a distributed organization?
  • Where do we get support and best practices guidance?
  • How can we verify that our software suppliers are complying with our written OSS policies?

These are important questions for development organizations to consider when adopting OSS at significant scale, and these are the challenges the Black Duck Suite is designed to address.  We view our mission as accelerating software development via the managed use of OSS, at scale, in combination with internally developed and 3rd party code.

Black Duck appropriates open source returns by closing “holes” left open by the absence of corporate actors, delivering a value proposition that places indemnification, legal risks and vulnerabilities at the center of its strategy.

How does your suite help, in this respect?

The Black Duck Suite, which we recently announced, is the first comprehensive offering that focuses on these issues.  It leverages the many years of deep knowledge we have about OSS technologies to fully address the unique challenges of OSS management (search, selection, approval, monitoring), compliance (intellectual property/licensing, export), and security.  The Black Duck Suite is designed to complement and integrate with a company’s existing development tools and processes in a seamless fashion, enabling them to effectively use and reuse the approximately 200,000 OSS components tracked in the Black Duck KnowledgeBase, along with their own code.

We have customers today who are able to use 80-90% existing “shovel ready” OSS code in their development projects, preserving their scarce development resources to focus on the unique code that creates real business value for them and greatly accelerates their time-to-solution.  With industry norms of $10-$20 to develop a new line of source code, the cost savings of using pre-existing, proven OSS components is compelling – and this is what Black Duck and our new Suite uniquely enable for customers.

Mike Olson and Mårten Mickos, during their speeches at the think tank, stressed the importance of due diligence before M&A, and I heard similar stories also here in Europe. As I mentioned earlier, many refer to the use of Black Duck professional services as a verb, i.e., “have their software ‘black ducked.’”

Black Duck is extending its offer to go beyond M&A deals. After the Koders acquisition it keeps ‘quacking’, expanding its offer, and I am looking forward to seeing how it goes later this year.