Sniff Out Open-Source CodeSniff Out Open-Source Code

Now that the threat of being sued for improper use of open-source code has been unleashed, a market is developing for automated tools that detect the presence of such code within larger application development environments. Palamida Inc. last week stepped into this nascent market with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files.

SCO Group, through its landmark lawsuit against IBM, gets much of the credit for stirring up demand for automated tools that compare intellectual property against open-source code. Companies use these tools to audit and catalog applications before major transactions, such as a product purchase or the acquisition of a software vendor. Such tools become increasingly important to companies that outsource their application development to developers working in component-based, object-oriented environments, says Palamida co-founder Theresa Bui Friday. "You've got developers working around the world who are making business and legal decisions you should be aware of," she says.

IP Amplifier's Detector search tool checks binary, source, and other file types, including images, icons, text documents, and XML, within a user's development environment against its Compliance Library, a database hosted at the user's site. By the end of the year, Palamida will add a feature to IP Amplifier that provides customers with live updates to their Compliance Libraries, much the way antivirus software vendors provide updates to their customers. IP Amplifier produces the results of its searches in XML format so these results can be reported using standard reporting tools, such as Crystal Reports from Business Objects SA.

Palamida last week also revealed the appointment of Mark Tolliver, former chief marketing and strategy officer at Sun Microsystems, to the post of president and CEO.

Palamida's product serves much the same purpose as software introduced over the past year by Black Duck Software Inc. Black Duck in March introduced a hosted version of its protexIP software, designed to help companies identify open-source code being used in their IT environments and ensure that such code is being used properly.

The pressure to meet product-development deadlines affects all software developers, who try to mitigate this pressure by using prepackaged code whenever possible. Free open-source software is a way to create shortcuts without necessarily requiring management sign-off. "We understand that the reality of software today is that it's assembled," says Friday, who founded Palamida along with Jeff Luszcz and Ray Waldin in 2003.

The presence of open-source code is causing concern among business executives, says Mark Radcliffe, a partner and co-chair of the Technology Transfer Group of law firm DLA Piper Rudnick Gray Cary USA LLP. "Almost anything you acquire these days has software in it," says Radcliffe, who also serves as general counsel to the Open Source Initiative, a nonprofit corporation that manages the open-source trademark. "It's not infrequent that people tell us they're not using open source, and that winds up not being the case."

Palamida charges $50,000 to $250,000 for an annual subscription to IP Amplifier. The price depends on the size of the customer's development environment. Black Duck charges an annual fee starting at $25,000 for its protexIP/development product. The company also offers a hosted version, called protexIP/OnDemand. ProtexIP/OnDemand users essentially rent 90-day sessions during which one user can scan up to 10 Mbytes of code against a hosted database for a $3,000 fee. OnDemand's cost and size rise to $25,000 for 100 Mbytes of code.