Tracking Open-Source’s Origins

The open-source software movement-in which programmers freely share and build on each other’s work-has successfully churned out everything from operating systems to photo editors. But there’s a hitch. Sometimes a program’s open-source components turn out to be governed by conflicting licenses. A $3 billion suit filed against IBM in March 2003 by software maker SCO Group-which claims IBM contributed code owned by SCO to the open-source Linux project-is just the most glaring example of the potential dangers.

But a solution is emerging. A Chestnut Hill, MA, company, Black Duck Software, has built software that reviews open-source programs, flagging licensing and potential copyright infringement problems. Black Duck’s program compares a new piece of open-source software to thousands of existing, well-documented open-source programs. If it finds any matching code, it can tell users whose permission must be obtained-or who must be paid a licensing fee-before the new code can be released. And that’s critical for stopping potential litigation, says Ted Schadler, an analyst at Forrester Research. “It has become very important to do an inventory,” he says. “Black Duck’s technology will tell you what [code] you are running. It’s very effective.”

Black Duck launched its software-the only system of its kind so far, says founder and CEO Doug Levin-in January 2004. If it gets off the ground, the software could help keep disputes from derailing the open-source movement-and depriving businesses and consumers of a low-cost alternative to software from the likes of Microsoft, Adobe, and Oracle.