In the very early days of computing, product offerings seeking to improve developer productivity focused on tools for code design that could be used by the individual developer. For example, the first version of Turbo Pascal appeared in 1983. As the industry matured, the focus of innovation grew to facilitate the collaboration of groups of developers. For example, the (then revolutionary) revision management tool ClearCase was released by Atria Software in 1992. Today, it’s the rare application that’s developed and coded from the ground up exclusively by internal resources. In the world of component-based development, where “reuse” is the mantra, developers are looking at a variety of sources of code, both internal and external. External sources of code are suppliers, partners and the open source community. We term the blending of the internal and external sources of code “the development ecosystem.” This brings us to the most recent (rightmost) stage in the history of innovation aimed at developer productivity, which takes place in the era of component-based development.
While Black Duck does not make open source software, we help our customers realize the promise it offers while minimizing or eliminating the challenges and risks associated with it.
The challenges arise from mixing code from different sources: partner code, open source, internal code and vendor-sourced code. Each of these sources could be managing its own separate version of a code component. They could be incorporating conflicting software licenses into the code base. The code could have unexpected dependencies. The software ‘integrator’ is on the hook for robust and timely support, but the support model for open source code is an area that people must think about explicitly. Code from the development ecosystem could have varying levels of quality – some of it is great, some of it, not so great. If an organization implements compliance, it may involve many approval boards. The danger of thorough compliance is that it can be time consuming, slow to react and bureaucratic. Yet, it is a necessary part of software development in today’s complex and changing landscape.
Many great companies have had bad things happen to them because they did not address the need for governance in their software supply chain.
- Loss of Intellectual Property: Cisco was forced to open source some code and ultimately lost control over a product line. Impact was probably millions in lost revenue. See the support slide on this.
- License rights and restrictions
- Contractual obligations
- Injunctions: When Monsoon Multimedia was sued by the Software Freedom Law Center, the suit requested an injunction (stop ship) on their product. This would be devastating for a business.
- Export regulations
- Security vulnerabilities
- Software defects
- Escalating support costs: Version proliferation
Continuously Expanded (sub-bullets): Updated 9/9/08
- Significant investment in automated tools
- Site mirrors for popular sites
Open Source Licenses: GPL, LGPL, Apache, BSD, CPL, Creative Commons, Eclipse, Microsoft, MIT, Sun
Open Source Sites: Apache.org, Eclipse.org, Kernel.org, Sun.com, RubyForge.org, Asterisk.com, PlanetSourceCode.com, Zope.org, GNU.org, CPAN.org, MySQL.com, SourceForge.net
The Black Duck Suite: Enabling Faster, Lower Cost Innovation with Open Source Software
Black Duck Software