Black Duck Blog

Phil Odence
Vice President of Business Development
podence@blackducksoftware.com
There were no big product wows nor a substantial change in message from IBM, but Innovate 2010 really galvanized my understanding or Rational’s direction and the Rationale (if you will) behind it. The whole IBM smarter planet thing is far more than marketing hype for Danny Sabbah, Rational’s GM. He’s convinced that software is the future and makes a convincing case.

Last year Rational introduced their Smarter Products theme, one year after announcing their acquisition of Telelogic, a strong player in embedded systems. Two points allow one to extrapolate a trend, but a third one confirms it.  For me, this year’s expanded emphasis on products and systems (and “systems of systems” which you’ll here more of) hammered home Rational’s bet that growth lies beyond Enterprise IT organizations. More than that, I bought the pitch, and am inspired to be involved in a business that supports software innovation.

If there’s a criticism of Rational’s positioning, it’s a little diffuse with too many themes beyond smarter products, but I have to say they all ring pretty true. The world is becoming more Instrumented, Interconnected and Intelligent.  Danny backs that up with the statistic that we are in the midst of a 5 year boom with the number of network devices on the planet growing 10X to 1 Trillion by 2011. If three “I”s isn’t enough for you, he adds that software is the Invisible Thread that ties together systems of systems.  So, what is beyond Enterprise IT for Rational is a blending of the software it takes to run a company and the companies offerings: All businesses are becoming software businesses. It’s elemental.

The new theme this year was software econometrics, the way to manage the development process. Danny is a quant geek and I’m sure this one is his brainchild. Econometrics is a decades old school of mathematical modeling that focuses on optimizing an outcome. Danny uses that term to emphasize that business outcomes have to be the measure of effectiveness in the new world order. Development is a process in the old, factory floor TQM sense that must be optimized to deliver business results.

You can argue with their  lack of messaging around open source and multi-source development…we’re working on that—but I’m convinced that Rational has their eye on the right ball and the resources to back up the vision.

Phil Odence
Vice President of Business Development
podence@blackducksoftware.com
Black Duck just started up a program to certify legal professionals as Black Duck Specialists. We provide this free service as a way to help both our customers and friends in the legal community. The program gives our customers access to a list of legal contacts whom we’ve trained and certified on working with Black Duck and the reports we generate.

If you know us for our products, you may not be aware that we offer code assessments as a service. We’ve been involved in over $40 Billion of acquisitions, and in any given week we are hired to support the due diligence efforts of multiple acquirers. Our professional service team does a terrific job using Protex to identify unknown open source components (and the associated legal, export and security issues) in a target’s code base and creating a report that lays out the contents and potential issues.

That’s where our job ends and the lawyers’ begins. Our customers take action based on the advice of their attorneys for whom the Black Duck report provides key input. For a variety of reasons it’s critical that those attorneys be very familiar with our process and technology behind it. M&A transactions are fragile and unpredictable and things happen fast, so a lawyer doesn’t have much time to learn.

The Black Duck certification takes M&A and IP attorneys through every aspect of the technology and process of an assessment. In that way lawyers who have been through the program know how to help the parties involved know what to expect going into the process and how to work with what comes out.

If you an M&A or IP lawyer advising clients on transactions, I advise you to check out our certification program here: http://www.blackducksoftware.com/certification

Phil Odence
Vice President of Business Development
podence@blackducksoftware.com
In her opening remarks at last week’s Linux Foundation Collaboration Summit, Karen Copenhaver, counsel for the Linux Foundation, made some great observations about how rapidly the industry’s views about open source legal issues were evolving. She described that whereas only two years ago, a typical company developing software was trying to understand the minimum compliance they could get away with, today it’s more about how to practically do the right thing. With many organizations now wrestling with this issue, they have naturally begun to exchange best practices, and this has spawned a standardization effort.

I co-chair the FOSSBazaar SPDX (Software Package Data Exchange) Working Group.  FOSSBazzar, part of the Linux Foundation, is a forum for exchanging ideas about managing open source. The SPDX group is, in essence, defining a standard way for companies to share license and copyright information about software packages they exchange.

Spearheading the work is my co-chair Kate Stewart from Freescale, a semi-conductor manufacturer. It’s not surprising that the impetus comes from a company that sits in the middle of the supply chain, as they are getting it from both sides, if you will. As a consumer in the supply chain, they need to understand exactly what software they’re getting from multiple sources, how it’s licensed and the associated obligations. As a supplier, they are being asked for a mix of different information in multiple different forms. Frustrated by the redundant work she knew was going on across multiple organizations and inherent inefficiencies Kate came up with the idea of a data standard. At last Fall’s Linuxcon, she stepped up on her soapbox for anyone who would listen (I being one) and out of that grew SPDX.

SPDX has the potential to provide the classic value of a community: Working collectively to make everyone’s life a little easier. There is active participation from HP, TI, Motorola, Red Hat and others. We’re working on the first draft of a spec that identifies a package, its licensing and copyright, and the licensing and copyright of all of its constituent files. The effort is fraught with subtle issues, but once the group slogs through them, it will be far easier for those that follow. We expect to put up an FYI website shortly, and I’ll report back here on our progress.

Phil Odence
Vice President of Business Development
podence@blackducksoftware.com
Black Duck has just joined CollabXchange, Collabnet’s online marketplace for their customers that offers added-value integrations and extensions to TeamForge and Subversion. Our first integrated offering on the Xchange is our new Black Duck Code Sight product that allows developers to find code quickly behind the firewall across multiple SCM systems. It comes out of the box integrated with Subversion and TeamForge.

Collabnet started the company around Subversion, but several years ago acquired Sourceforge Enterprise Edition and turned that into TeamForge, an ALM platform that goes well beyond source code management. Most of the analysts I speak with view Collabnet as a real “up and comer” in the ALM space.

We’re excited to be part of CollabXchange and believe it will be great exposure for Code Sight. The Collabnet site attracts thousands of visitors every day and we think most of them would benefit from the free Edition of Code Sight. It’s a beautiful thing.

But we are also enthusiastic about being associated with Collabnet for other reasons. First, having core open source technology with proprietary products wrapped around it, they “get it” when we talk about multi-source development. Not surprisingly, many of their ideas about modern software development techniques complement ours nicely. For example, they are big on supporting distributed teams and we find that companies doing development across multiple sites most need Black Duck. Also, Collabnet is a pioneer in offering ALM tools as a service. With all the hubbub about the Cloud these days, we expect a number of companies will find this to be the most appropriate way for them to consume development tools. We have SaaS experience with our Transact process, and Collabnet initially built their business on SaaS.

We’re also more than pleased that Collabnet invited Tim Yeaton to give a keynote about agile multi-source development at their first on-line conference “Agile ALM for Distributed Development.” (The on-line conference technology is very cool by the way).  I’m guessing you’ll hear more about Black Duck Collabnet-oration in the future.

Phil Odence
Vice President of Business Development
podence@blackducksoftware.com
I haven’t been able to figure out who first said “Fast, Cheap, Good…pick two,” but it’s a great description of the trade-offs that exist in many projects. “Fast, Cheap, Free from Risk” doesn’t roll off the tongue in the same way, however there is similar triangle trade-off that companies are facing with respect to licensing and managing use open source software.

There are three ways companies can choose to deal with open source code:

1. Open Source Uncontrolled: This approach yields productivity gains from using open source (at least in the short term) and no overhead from managing. But the consequences include IP risk from unmet licensing obligations and/or the support and expense of uncontrolled code that may get deployed in a company’s IT infrastructure.
2. Just Say No to Open Source: In this scenario, IP risk is minimized, and management is relatively straight-forward, but companies miss a big opportunity for the productivity gains that open source can provide.
3. Managed Use of Open Source: Companies gain productivity by using open source and minimize risk, but investing time to manage claws back at least some of the productivity gains.

Another one-liner comes to mind: “There’s no such thing as a free lunch.” True, but as is often the case, technology provides a way to get the most out of a tradeoff. By automating open source management a fourth scenario emerges that enables companies to boost productivity, reduce risk and minimize the overhead required to responsibly manage open source so you can have your three slices of cake and eat it too.