Black Duck Launches protexIP/OnDemand Hosted Service To Analyze Software for Open Source License Compliance

Black Duck Software, Inc.

Black Duck Launches protexIP/OnDemand Hosted Service To Analyze Software for Open Source License Compliance

March 28, 2005

Lets Software Developers, Outsourcers, and Due Diligence Teams Meet Compliance Deadlines with Easy-to-Use, Automated Service

Waltham, Mass., March 28, 2005 -- Black Duck Software Inc., the market leader in software compliance management solutions, today expanded its innovative protexIP(TM) suite with the announcement of protexIP(TM)/OnDemand, the industry's first Internet-hosted service that helps companies to mitigate business risk by validating proper use of open source software within their intellectual property (IP) assets.

The new service, aimed at independent software vendors (ISVs), outsourcers, and due diligence teams, lets companies automatically analyze software projects to discover open source software and assure that licensing obligations are met. Now software developers can quickly and easily address emerging IP compliance requirements stemming from customer procurement, outsourced project validation, internal controls & compliance programs, and mergers & acquisitions, with a level of accuracy not previously possible and without time-consuming and expensive manual methods.

"Businesses today are increasingly required to provide evidence that they are managing the origins and obligations of their software intellectual property. As a result, development teams are frequently being called upon for in-depth compliance validations in support of specific business transactions or product milestones," said Douglas A. Levin, CEO of Black Duck Software, Inc. "protexIP/OnDemand provides the ideal solution to these urgent, transactional requests by providing an easy to use, cost effective and secure on-line service that can deliver in-depth information to compliance teams literally 'on-demand'."

Over a dozen companies have been early-access customers of protexIP/OnDemand for the past few months. One of them, Kayak.com provides comprehensive and objective travel information by searching nearly 100 online travel sites at once. It also provides personalized results to quickly find a traveler's desired trip. "Black Duck's concept is timely and solves a really tough problem with a well-engineered solution," said Paul English, Kayak co-founder and chief technical officer. "protexIP/OnDemand quickly and efficiently provided the insights we needed into our code base. I was very impressed." More customer testimonials can be found at www.blackducksoftware.com/about/customer.html#interactive.

"It is clear that open source software is of increasing interest to businesses worldwide," said Dan Kusnetzky, Program Vice President, System Software, Enterprise Computing Group, IDC. "Open source software has gained a strong foothold in the lower levels of the software stack today and is likely to have a greater impact higher up the software stack in the future. As this occurs, organizations would be wise to gain a better understanding of open source licenses and software intellectual property to comply with licensing obligations. Black Duck has developed expertise in this area and their services are likely to reduce the amount of time an organization needs to prepare itself."

"We are seeing an increasing level of sophistication in mergers & acquisitions due diligence relating to identifying the origins and value of intellectual property and assuring compliance with obligations relating to licensed assets," said Peter Falvey, Managing Director of investment banking firm Revolution Partners. "Black Duck's protexIP/OnDemand service offers an ideal solution because it provides a cost-effective, time efficient analysis of the target software asset. This helps reduce risk for both buyers and sellers, and provides better information on which to establish value of the assets."

Improving the Diligence of 'Due Diligence'

Today, senior developers are often tasked with the time-consuming job of manually analyzing code line-by-line to validate its origins. Management and legal counsel work along side to evaluate results and assure compliance with the wide array of license obligations associated with open source software components. Manual reviews are typically time-consuming, expensive, and, by definition, incomplete since no review team can know the thousands of open source software projects by sight. To address these challenges, protexIP/OnDemand offers an on-line service that automates the review process, and provides highly accurate results in timeframes that meet the demands of today's business transactions.

protexIP/OnDemand leverages Black Duck's proven digital Code Print technology and extensive open source Knowledgebase to recognize when code from any of thousands of open source programs have been inserted into user's source code - even small blocks of code or code that has been modified. The service then identifies the license associated with the inserted code from its database of hundreds of license types and highlights possible conflicts between that license and other relevant license restrictions or business policies. From this analysis, it creates a "punch list" of the issues for review by the company's legal counsel and, if necessary, to be remedied by software engineers.

protexIP/OnDemand is a secure solution that leaves user's source code safely behind their company's firewall during analysis. Services are purchased online with a credit card or purchase order. protexIP/OnDemand is a compatible member of the Black Duck protexIP(TM) product family. The protexIP suite offers an upgrade path to onsite deployment of complementary Black Duck solutions that bring developers, lawyers, and business decision-makers together within a customizable, automated environment for full lifecycle software compliance management.

Available Now

protexIP/OnDemand is available now by accessing the Black Duck Software Web site at www.blackducksoftware.com. Pricing starts at US$3000 to analyze up to 10 megabytes of user source code. Users can access the service for up to 90 days, allowing time to analyze and remediate compliance issues for a specified software project. For more information, visit www.blackducksoftware.com, email sales@blackducksoftware.com, or call +1 781.891.5100, extension 450.

Black Duck is offering a series of Web Seminars about protexIP/OnDemand during the month of April. Please visit www.blackducksoftware.com/news/events.html for registration information.

About Black Duck Software

Black Duck SoftwareTM is the leading provider of software compliance management solutions that help companies govern how software assets are created, managed, and licensed. Black Duck's offerings help businesses take maximum advantage of open source software while at the same time assure they satisfy the obligations associated with the code they use. Black Duck's customer base includes enterprises, product developers, outsourcers, law firms and other organizations worldwide that are concerned with protection of software intellectual property. For more information about Black Duck, visit www.blackducksoftware.com.

Contact:
Dan Ring
Black Duck Software
dring@blackducksoftware.com
(617) 585-2202

© 2005 Black Duck Software, Inc. Black Duck Software and protexIP are trademarks of Black Duck Software, Inc. All other trademarks are the property of their respective holders.