Code-Checking Service Hunts Down Litigation Risks

A hosted version of Black Duck's risk-management tool allows smaller firms to hunt down possible licensing and IP violations in their code.

Larry Greenemeier, Contributor

March 29, 2005


The questions raised by SCO Group's lawsuits against various users of the Linux operating system may be out of sight for the time being, but the issues the case raises for companies using open-source software aren't out of mind. Black Duck Software Inc. is tapping into those concerns with its new, hosted version of its protexIP software, designed to help companies identify open-source code being used in their IT environments and ensure that code is being used properly.

ProtexIP/OnDemand is a service that lets companies that only want to check portions of the software in their IT environments do so at a lower cost than buying Black Duck's protexIP/development packaged software. ProtexIP/OnDemand is designed to appeal to smaller companies and software vendors that don't have the need or resources to dedicate a server to Black Duck's compliance-management technology, company president and CEO Doug Levin says.

Black Duck's core protexIP/development software, designed for companies to purchase and run in-house, checks a company's code against a database of existing code and licenses, and then reports any potential license or intellectual-property conflicts. Black Duck calls this repository its Knowledgebase. ProtexIP/development customers receive a copy of the Knowledgebase to run within their own IT environments, while protexIP/OnDemand customers have access to a version of the Knowledgebase hosted by Black Duck.

Whereas protexIP/development customers pay an annual fee starting at $25,000 for unlimited use of Black Duck's software and Knowledgebase updates, protexIP/OnDemand users essentially rent 90-day sessions during which one user can scan up to 10 Mbytes of code against the Knowledgebase for a $3,000 fee. OnDemand's cost and size scale up to $25,000 for 100 Mbytes of code.

The availability of protexIP/OnDemand as a service with flexible pricing means that Navica Inc., a small IT services firm based in Silicon Valley, can consider using the technology as part of the services it provides to its clients. Navica CEO Bernard Golden likens the difference between protexIP/development and protexIP/OnDemand to the difference between Siebel Systems and Salesforce.com. Salesforce built its place in the customer-relationship-management market by offering its product as a service instead of packaged software, and the company has forced Siebel and others to respond with their own "on-demand" efforts.

The SCO Group case increased concerns about using open-source code because the company claimed it owned key portions of the Linux operating system and, based on those claims, sued not only IBM but also end users of Linux. Black Duck launched just a few months before SCO Group last March sued auto-parts dealer AutoZone Inc. simply for using Linux. Concern over exposure to intellectual-property lawsuits was peaking.

The Black Duck OnDemand tool lets a user select the code to check, and the tool generates a list of licenses that govern that code and the implications of each license, Golden says. "As more and more companies become aware of open source as an option, inevitably they'll need to know the implications of using that software," he says.

Golden understands that the demand for licensing compliance will ebb and flow with the market's overall interest in avoiding potential litigation for misusing intellectual property. It's not likely that more than half of Navica's clients will have an interest in this type of service at any one time, but it's best to make it available, he says, adding: "The greatest market for burglar alarms is people who've had their houses robbed."

Black Duck's Levin acknowledges that companies might not be as concerned today with intellectual-property litigation as they were a year ago, when the outcomes of SCO's lawsuits against IBM, AutoZone, and DaimlerChrysler were less clear. But the need for companies to understand how their software is governed by licenses will not wane over time, he adds. In fact, it becomes more of an issue as open-source software is integrated into proprietary environments. Says Levin, "The phenomenon surrounding open source is expanding inexorably, as more and more people are educated about open source's capabilities."
