Black Duck Software Unveils New Version of Software Compliance Management System

October 5, 2006; 03:27 AM
Black Duck Software, provider of software compliance management solutions, today announced a major new release of its protexIP/development system. protexIP/development 4.0 reaffirms Black Duck’s position as the market and technology leader in software compliance management by addressing the needs of enterprises, technology product companies, outsourcers, law firms, and other organizations that are concerned with the protection of software intellectual policy (IP) and proper use of open source software.

protexIP 4.0 includes a new graphical user interface (UI) based on AJAX (Asynchronous JavaScript and XML), a streamlined visual workflow, an obligation checklist that speeds the software compliance management process, “Precision” code matching technology that increases user productivity, and a separately packaged Software Development Kit. Version 4.0 draws on feedback from developers, attorneys, and managers in Black Duck’s expanding customer base as well as on input from the company’s Customer Advisory Council.

“SAP regularly uses information from protexIP as part of our due diligence for mergers and acquisitions,” said Jim Mackey, Senior Vice President, Corporate Finance (Mergers & Acquisitions), SAP. “The analysis from protexIP is invaluable; it provides us with a detailed understanding of any open source software contained in the code under review.”

“Software license compliance is a process that involves, as a minimum, legal counsel as well as software development, and the protexIP platform provides enhanced views that are tailored to each separate audience,” said Audrey Dickey, Corporate Counsel at Adaptec. “We have been very pleased with this facet of the Black Duck solution and look forward to utilizing new features in the new protexIP version that support the many audiences that are a part of the compliance management process.”

protexIP 4.0 is the only product that can manage software component licenses throughout the entire application development process and for all affected parties, including developers, attorneys, and managers. This empowers companies to capitalize on the benefits of today’s component-based software development approach, while avoiding complications presented by licenses on specific components.

“More and more enterprises are leveraging open source in their software development projects,” said Michele Cantara, Research Vice President at Gartner, Inc. “Incorporating software compliance management practices in the development lifecycle helps avoid licensing surprises later on. The easier and faster these compliance practices are to use, the more likely developers will be to use them regularly, and the more likely companies will be to incorporate them into their software development processes.”

“Black Duck was the first to enter the software compliance management market and has consistently led it in terms of vision, product features, and enterprise acceptance,” said Douglas Levin, CEO of Black Duck Software. “As the industry moves toward a milestone release of the GPLv3 and companies embrace a component-based development model, we’ve focused on substantial enhancements to protexIP’s power and usability. For example, customers told us they wanted compliance reviews of very large code bases – gigabytes of code – to be fast and efficient. They also wanted the process of identifying components and adding them to their software Bill of Materials to take seconds. Meeting these requirements inspired our engineering team to design and build innovative new capabilities into the protexIP platform, as well as develop a user interface based on the latest Web 2.0 technologies.”

Streamlined Workflow Improves Productivity for Development and Legal Teams

Foremost in protexIP 4.0, Black Duck is unveiling a completely new AJAX-based user interface that provides a visual representation of the work steps involved in software compliance management. The use of AJAX technology increases the UI’s responsiveness in all cases, but particularly when navigating large code bases. The work steps are modeled on best practices derived from protexIP customer usage and include Project Management, Code Identification, Component Review and Approval, and Reporting. Key elements of the new user interface include:

• Executive dashboard—Indicates the compliance review status for all development projects at a glance, and enables users to rapidly identify the projects that need attention. A Bill of Materials for each project summarizes the components included in the project, their licenses, the approval status of each component, and whether the use of the component causes a company or license policy violation.
• Code navigator—Enables “review at a glance” of all of the code within a project. Users can highlight code that appears to have originated from an open source project or another external source, code whose origin has been identified but which requires legal or business approval for use, or code containing policy violations.
• Obligation fulfillment checklist—Details the specific license obligations accumulated from all of the components in use in a project, so that adherence to each obligation can be verified. The checklist can be extended to reflect customer-specific compliance checks required prior to software release.

Taken together, the new protexIP 4.0 capabilities decrease the resources required to review code and its licensing obligations as part of a software compliance management process – by more than a factor of 10. This enables enterprises to manage hundreds of development projects with limited manpower.

Enhanced Architecture Enables Faster Comprehensive Analysis

Complementing the new UI are enhancements to protexIP’s multi-user, role-based architecture that enable the system to handle larger projects, a continuously growing KnowledgeBase, plug-ins to accommodate new code analysis techniques, and an SDK. Important elements of the new architecture include:

• “Precision” technology—Developed by Black Duck, “Precision” technology dramatically speeds code reviews by narrowing the number of code matches displayed. Code matches occur when the code under review resembles code contained in protexIP’s KnowledgeBase. “Precision” uses advanced analytical techniques to identify the KnowledgeBase components that most closely resemble the analyzed code, while suppressing 80 percent or more of the raw matches generated.
• Dependency Analysis—Detects and reports components that might be used in a project but exist outside the reviewed code base, such as libraries, which may be necessary for a complete Bill of Materials. The scope of analysis includes source files (e.g., C, C++, Java) and binary files (e.g., Java archive or JAR files, Java “class” files, DLL’s).
• Archive Analysis—Identifies reused components that might be contained within composite files. As part of its analysis, protexIP processes files like ZIP files, JAR files, etc. and extracts the component objects, then processes these objects to identify potential code reuse.
• Software Development Kit (SDK) —Allows customers to integrate the protexIP platform with existing systems already in use in their software development environments. The SDK also enables Black Duck and its partners to provide off-the-shelf integrated solutions with common development tools and environments like software configuration management systems.

About the protexIP Suite

Black Duck's protexIP platform creates a new work environment that helps organizations effectively manage their increasingly complex software IP and licensing issues. By validating software contents, finding and addressing issues early in the development cycle or well in advance of a due diligence event, and verifying license compliance, the protexIP platform helps companies reduce business risks, complete software projects on time and on budget, and stay on track with their business plans.

Availability

protexIP/development 4.0 will be available in mid-November from Black Duck Software and its authorized resellers. protexIP is licensed as an annual subscription that includes the software, KnowledgeBase and product updates, and customer support. The annual subscription price is based on the number of users and the size of the managed code base. protexIP/development Enterprise Edition is priced starting at $25,000; protexIP/development Professional Edition is priced starting at $9,500. protexIP/sdk is priced starting at $10,000 and requires a base protexIP/development subscription. For more information, visit www.blackducksoftware.com, email [email protected], or call +1 781.891.5100, extension 450.

About Black Duck Software

Black Duck Software is the leading provider of software compliance management solutions that help companies govern how software assets are created and managed. Black Duck's offerings help businesses take maximum advantage of open source software while at the same time ensure that they satisfy the obligations associated with the code they use. Black Duck’s customer base includes enterprises, product developers, outsourcers, law firms and other organizations worldwide that are concerned with protection of software intellectual property. For more information about Black Duck, visit www.blackducksoftware.com.

Black Duck Software is a registered trademark, and the Black Duck logo, protexIP, and Know Your Code are trademarks of Black Duck Software, Inc. All other trademarks are the property of their respective holders.