Startup Black Duck Software Inc. will update its product line next week with two new products designed to help companies better manage their use of open-source software.
On Monday, the Waltham, Massachusetts, company will ship the first version of its protexIP/Development software, a management tool for companies that develop with open-source software that allows managers to see which, if any, of their developers' software contributions contain open-source code, and provides an audit trail that tracks individual technical contributions.
The protexIP/Development software comes with a database of over 120 licenses ranging from the GNU General Public License used by Linux, to the Microsoft Shared Source license. It compares digital images of open-source code, called fingerprints, with software that the Black Duck customer is writing and helps them to integrate their code with a wide variety of open-source or open-source-like software licenses.
The software now includes a rules engine that can help control the use of certain types of software. It could be used, for example, to help enforce a company policy against the use of a certain type of software license, and could be configured to alert developers whenever they use code that is governed by that license. "That alert would say, 'You're using (the software) in violation of your company's business rule'," Levin said.
When the beta version of protexIP/Development, previously called Enterprise Edition, was launched in January, it was priced at $995 per seat with an extra $250 per year subscription fee for each user, but Black Duck is now marketing the product as a services offering without the $995 per-seat fee, and pricing has jumped to a $2,500 annual subscription per user.
"We positioned the product as a software product for enterprises," said Black Duck CEO Doug Levin. Since then, we have expanded the product definition, and it's very clear to us that it is an information service."
Levin sees protexIP/Development as the basis for a broader product family that will eventually include automated legal and auditing services that would make the service appeal to a wider audience than the developers, product manager, and business affairs people who have been using the beta code.
Black Duck's offerings should be of interest to large organizations that are concerned about the implications of open source software, said Dan Kusnetzky, an analyst with research firm IDC.
"Organizations who have developers using open-source software might be interested in knowing what the limitations are on that use, because there are so many different forms of licenses for open-source software, some more restrictive than others," he said.
Also on Monday, Black Duck will launch a new service called protexIP/Registry. For $1,000, Black Duck will register code that has been scanned by the protexIP/Development software, something that could prove useful for software auditing purposes, according to Levin. "It's a way of registering your code with a trusted third party," he said.
For those who are curious, protexIP/Development will be available for a 30-day free trial, starting Monday, Levin said.