RealTime IT News

VA, Black Duck Team on Open Source Projects

Black Duck Software and VA Software will release an integration kit later this month to combine the strengths of their respective software offerings, officials said.

With the service pack, a free download for customers using the two products, developers can keep tabs on the open source intellectual property (IP) and licenses contained in the code on application projects before it becomes a problem.

Sheila Baker, VA Software senior vice president of marketing, said, developers had to rely on reading every line of code before marketing their projects, a time-consuming process.

Black Duck sells a protex/IP software suite that catches potential IP or license conflicts before an application hits the market and potentially opens a company up to litigation. The company maintains a library of thousands of open source projects and the licenses used, letting customers know the terms under which they can distribute the code.

VA Software, on the other hand, develops the SourceForge Enterprise Edition (SFEE), an application that allows teams scattered around the world to collaborate and coordinate on software projects.

Combined, the license compliance policies of a company -- through protex/IP -- are integrated into the distributed development process of SFEE, allowing adjustments to the code earlier in the development process.

"There's a little bit of 'hear no evil, see no evil, speak no evil' around IP compliance in that it's pretty difficult for organizations to understand what they have because they can't get at it," Baker said. "And if they do get it, it's usually the last step before it ships and then the choice is, 'what's the risk, do you want to hold up the shipment,' that kind of thing."

Combined, the integrated offering also gives enterprise development teams a measure of safety when it comes to federal reporting and self-audit requirements like Sarbanes-Oxley or quality measures like the International Organization for Standardization (ISO).

The toolkit will be released as an administrative console that combines the functionality of protex/IP and SFEE. Black Duck developers created application programming interfaces in order to get the two applications to talk to each other.

VA Software is the creator of the distributed development software that runs on the popular SourceForge.net (SF.net) Web site, a repository and collaboration space for open source projects. While similar in function, the two were created for two entirely separate audiences, the Web and enterprise customers.

SFEE, based on the original SourceForge code found on SourceForge.com, was rebuilt from the ground up on the J2EE platform (SF.net uses PHP, Python and Perl) last year to incorporate enterprise features like open APIs and software development kits .

The Black Duck integration tool is the fifth such for VA Software. The company also hosts integration tools for Microsoft Project, Microsoft Office XP, IBM WebSphere Studio Application Developer and software configuration management tools like concurrent versions systems (CVS) and IBM Rational ClearCase.