dip into the company’s larger “KnowledgeBase” of hundreds of thousands of open source components, while a related product called Protex scans finished software for unapproved or problematic code.
“For our compliance product, the typical use case is, ‘I’ve built a software component or acquired a company and I want to validate that there’s no unknown or undisclosed vulnerability or license issue there.’ Very late in the process, you would run our scan and get a list of issues you could remediate,” explains Yeaton. “That is fine for that use case. But if you are a development organization trying to get much greater reuse out of open source software, but you don’t want to paw through 200,000 open source projects out in the world and the 1,400 licenses that could be covering them, we can also help. We leverage the deep knowledge we’ve built up around those 200,000 projects—not just licensing but security, usability, popularity, where the community support comes from, all those kinds of knowledge that are needed earlier on in the development process.”
It may take a little while to change Black Duck’s image, Yeaton acknowledges. “Because we’ve been focused on compliance late in the development process—finding things that are wrong that you now have to go and fix—that at times became the perception” of what Black Duck is about, he says. But with Code Center, “What we want to do is be early-stage, more proactive in helping people identify and choose the right components.”
And a recession, it turns out, may be a good time to be an open source software management company. Whereas the company was “cautiously optimistic” in 2008, Yeaton says, it’s “very encouraged” by the results so far in the first quarter of 2009.
“The behavior we’re seeing in customers is the recognition that finding efficiencies in their software development is critical,” he says. “The question I’ve heard already from many customers is, ‘How do we innovate through the recession?’ and that is in many ways code for ‘I’ve only got a finite, maybe shrinking development budget, but I still have to make my company successful, so how can I get greater leverage somewhere?’ The answer is leveraging open source components.”
“There are very few things that are recession-proof,” Yeaton concludes. “But I think open source is one of those areas where adopting it can minimize the impact for companies that are trying to invest through the downturn.”