Phil Odence | Vice President & General Manager

Phil is General Manager of Black Duck On-Demand Audits. He works closely with Black Duck’s law firm partners and the open source community. A frequent speaker at industry events, Phil chairs the Linux Foundation's Software Package Data Exchange (SPDX) working group. With over 20 years’ software industry experience, Phil came to Black Duck from Empirix where he served as Vice President of Business Development and in other senior management positions, and was a pioneer in VoIP testing and monitoring. Prior to Empirix, Phil was a partner and ran consulting at High Performance Systems, a startup computer simulation modeling firm. He began his career with Teradyne's electronic design and test automation (EDA) software group in product, sales and marketing management roles. Phil has an AB in Engineering Science and an MS in System Simulation from the Thayer School of Engineering at Dartmouth College.

Recent Posts

The BTC license hit my radar screen recently. Billed as “sexy” by the author, the permissive BTC license employs Blockchain and may signal a new trend going forward that could transform the way many developers work... and how they get their health insurance. Background I chair the Linux

To the extent that tech companies manage open source risks, their primary focus tends to be on reciprocal licenses and the GPL in particular. As I've discussed earlier, the potential risks of open source are broader than just license compliance. Additionally, there are other licenses to consider

US export laws require companies to declare what encryption technology is used in any software to be exported. The use of open source makes complying with these regulations a tricky process. US Export Requirements The regulations on US software exports come from the US Commerce Department’s

A number of licenses have clauses stating that the software is not for use in a nuclear facility. The implications have never been completely clear to me. This has been a recent topic of interesting discussion and debate on the Apache legal list. Black Duck tracks about 2700 licenses in our

Last week Black Duck released the 2017 Open Source Security and Risk Analysis. This is a great piece of research that should be of interest to anyone involved in tech M&A. The theoretical risks associated with open source are clear: most companies use a lot of open source but don’t sufficiently

Kyle Mitchell, an open source-savvy, lawyer/developer, just published an interesting blog titled Open Source License Business Perception Report. He rates a list of popular licenses along two dimensions: Pain - how inconvenient they are to use; and Confusion - uncertainty in the meaning of

Most of our readers understand that an open source software audit involves expert consultants analyzing a proprietary code base using Black Duck tools. The deliverable is a report that identifies open source in the code as well as associated risks. If you’d like to understand our process — what

Black Duck is well-known for open source audits, but that is only a piece of the technology due diligence puzzle. Auditing code quality assesses other aspects of a company’s software assets and completely complements an open source audit. Both audit types dive into issues that impact the valuation

Looking back five or ten years, companies managing open source risk were squarely focused on license risk associated with complying with open source licenses. Beginning in 2014, when open source security vulnerabilities began to get names (like Heartbleed, Shellshock and Poodle), open source

JSON (JavaScript Object Notation) is an extremely flexible, lightweight format for exchanging data of all sorts. It lives up to json.org’s description as “an ideal data-interchange format.” But use of some JSON projects is limited by the JSON license. Concern with the license is not new, but the
