Palamida Probes IP Pedigrees
It's 9:30 p.m. A developer sits in front of her laptop, Red Bull in hand. She said she'd have her section of the code done by "close of business," and she's now two hours past deadline. She does a little surfing, grabs just the module she needs to support data synchronization with a PDA, and embeds it in the application she's sending to her colleague.
Welcome to today's world of building applications out of spare parts.
In many development shops today, application development is less about the process of handcrafting entire software applications and more about the process of assembling bits of code from commercial software vendors and open source projects. While there will always be a place for custom coding, the demand for greater productivity and more reliable code is driving the trend to software assembly.
While this approach streamlines the development of software, it creates some thorny issues from a licensing standpoint. With large development teams, it's difficult to know just which bits of code governed by which licenses may have been used. License violations may unwittingly occur. Consider the situation where a systems integrator decides to "productize" a template they've been using for an external client. Or suppose a tech company is being acquired, and the software assets need to be reviewed and valued as part of the due diligence process.
The SCO-IBM suit may have thrust this issue into glaring daylight, but it's been a very real issue for ISVs all along. It's easy to see how this is a crucial issue for them, as they are maintaining multiple versions of multiple products across multiple platforms -- often with bits of interwoven partner code for specialized functionality.
And if all of these drivers aren't enough, SarBox will help get management and legal teams motivated to ensure companies are complying with the letter of the licenses.
Enter Palamida and Black Duck Software, which both offer products to help companies ferret out open source and proprietary code in their programs, and identify the relevant licenses. To give you some idea of the scale of the issue, Palamida's compliance library covers over 40,000 open source projects and includes more than 38 million code snippets that can identify both open source and commercial code.
Black Duck has been out there for a while, raising visibility on this issue. We had the pleasure of launching Palamida earlier this month, announcing the appointment of Sun's former CMO Mark Tolliver as the company's first CEO, as well as Version 3.0 of the company's IP AMPlifier product. (We've been too busy pitching their great story to write about it earlier.) Coverage is springing up like dandelions, in more than 20 outlets ranging from eWeek, InfoWeek and CNET to Dana Blankenhorn's ZDNet blog, Out-law.com and Slashdot.
Competition is a healthy thing for customers and it's a useful thing for us marketing types. The software licensing management market is now a two-horse race, which makes it more interesting from a reporter's standpoint. (As every seasoned reporter knows, a good story requires tension.) And while Palamida may be in a come-from-behind position at the moment, we've got confidence in any company backed by Hummer Winblad's Mitchell Kertzman. We've also been very impressed with the intensity and smarts of Palamida's young management team: Theresa Bui Friday, Jeff Luszcz and Ray Waldin.
In the long run, I'm betting our fish can outswim their duck.
P.S. For companies looking for a developer's primer on the issues at stake with software licensing, software legend Dan Bricklin is offering a DVD on the topic: A Developer’s Introduction to Copyright and Open Source. David Berlind just authored a positive review of it last week.