Black Duck Software

From Wikipedia, the free encyclopedia
Black Duck Software Inc
Type: Privately held
Industry: Development software
Founded: Massachusetts, USA (2002)
Headquarters: Burlington, MA
Key people:
  • Lou Shipley, President & CEO
  • Ken Goldman, EVP & Chief Financial Officer
  • Alan Facey, EVP & Chief Customer Officer
  • Phil Granof, EVP & Chief Marketing Officer
  • Andi Zink, EVP, Chief Technology & Products Officer
  • Phil Odence, VP, Corporate & Business Development
  • Michelle Goodwin, VP, Human Resources
  • Andrew Aitken, Managing Director – Black Duck Consulting
Products:
  • Black Duck Code Center
  • Black Duck Protex
  • Black Duck Export
  • Professional Services

Black Duck Software is a private company based in Burlington, Massachusetts, USA. Black Duck Software is a provider of consulting and software for enabling enterprise adoption of open source software (OSS). The company’s products and services allow organizations to analyze the composition of software source code and binary files, search for reusable code, manage open source and third-party code approval, honor the legal obligations associated with mixed-origin code, and monitor related security vulnerabilities.[1][2][3]

Black Duck was the 383rd largest software company in the world in September 2012, having grown its annualized sales over 30 percent for the preceding three years.[4][5]

In 2011, Black Duck acquired the open source business strategy consulting company Olliance Group, which organizes and manages the Open Source Think Tank conference on the commercial application of open source, mobile and cloud computing technologies. In 2013, the Olliance Group was fully integrated into the company, changing its name to Black Duck Consulting.[6]

Black Duck Software maintains a KnowledgeBase of open source and third party components - most of which are available on the Internet. Each component is characterized by metadata such as license, language, version, author, and known security vulnerabilities. Black Duck products use this information to facilitate search, selection, approval, auditing and tracking of software components. Black Duck Software also maintains the open source search engine Ohloh Code,[7] a free resource for software developers, and,[8] a free public directory of open source projects and contributors.

Black Duck Software maintains the Open Source Delivers[9] industry blog on the adoption and enablement of OSS, and the Open Source Resource Center (OSRC).[10]


Douglas (Doug) Levin founded Black Duck in 2002, at a time when litigation over open source and software intellectual property began in the United States, including the high-profile SCO v. IBM case. The idea struck him that there should be an automated way to keep track of and verify software code origins. Today the company is focused on the broad adoption, governance and enablement of OSS across the application development lifecycle.

Black Duck Software began shipping its first product, Protex, in 2004. In July 2004, the company had its first round of venture capital funding for $5 million, with investments from Flagship Ventures and General Catalyst Partners.[11][12]

In March 2005, the company announced a hosted service, Black Duck Transact.[13] In June 2005, a second round of funding added $12 million in investment capital led by Fidelity Ventures of Boston and including Intel Capital (a division of Intel Corporation), SAP Ventures (a division of SAP AG) and Red Hat, along with existing investors Flagship Ventures and General Catalyst Partners.[14] Throughout 2005, the company created partnerships with other open source organizations, including Red Hat, the Open Source Software Institute, Sourceforge, and Olliance Group.

During 2006, Black Duck integrated Protex with the IBM Rational[15] management platform[16] and released the Black Duck Export product.[17] Also in 2006, the company expanded its distribution network to include resellers in Australia, New Zealand,[18] the UK,[19] Israel,[20] and Korea.[21]

In February 2007, Black Duck Software completed a third round of venture capital investment for $12 million, led by Focus Ventures and also including existing investors.[22] The company joined the Open Solutions Alliance[23] in April 2007, received IBM SOA Specialty acceptance in October[24] and, in November 2007, added distribution partners in Hong Kong.[25] Also in November 2007, the company began a distribution partnership with NEC in Japan.[26]

On January 28, 2008, Black Duck introduced Black Duck Code Center, a role-based management system for mixed-origin software development.[27] [28]

On April 28, 2008, Black Duck Software acquired the assets and technologies of open source code search engine Koders. The Koders search engine will remain free of charge.[29]

On February 10, 2009, the company announced Tim Yeaton as the new President and CEO of Black Duck Software.[30]

On October 5, 2010, Black Duck Software acquired, a free public directory of open source software and OSS users, from Geeknet.[31]

In January 2011, Black Duck acquired The Olliance Group, a privately held independent open source business and strategy consulting firm.[32]

In October 2013, the Olliance Group changed its name to Black Duck Consulting.


In May 2011, Black Duck Software was honored with an SBANE Innovation Award.[33]

Ranked in SD Times 100 for the fourth consecutive year in 2011.[34]

Ranked in Software Magazine’s Software 500 largest global software companies for the fourth consecutive year.[35]

In June 2010, Black Duck Software was listed as one of Lead411's Hottest Boston Companies.[36]

In April 2010, Black Duck Software was included in the prestigious “Cool Vendors in Application Development, 2010” report by Gartner, Inc.[37]

In 2012, Black Duck was named a Top Place to Work in Massachusetts by The Boston Globe.[38]


Black Duck Software’s flagship product, the Black Duck Suite, automates key processes related to open source code management over the application development (AppDev) life cycle, including search, select, approve, audit and ongoing monitoring. The Suite includes Protex, Code Center and Export, and each of these uses the Black Duck KnowledgeBase to identify and manage the reuse of open source and third party code. The Black Duck KnowledgeBase is continuously updated with downloadable code from Internet sites and software vendors, including development kits, proprietary applications, operating systems, and the associated proprietary and open source licenses. Black Duck also offers Code Sight™, a scalable, syntax-specific (43 languages) source code search engine that can be used to search personal codebases, team codebases, and enterprise-wide code repositories. Code Sight can be used standalone or in addition to the Suite’s component search capability.

Product Details:

  • Black Duck Suite[39] is an advanced enterprise-class solution to the unique management, compliance and security challenges associated with open source.
  • Black Duck Protex[40] is a platform that helps companies administer how their software assets are created, managed and licensed.
  • Black Duck Export[41] is the world’s first and only solution specifically for encryption export compliance management for software and software-based assets.
  • Black Duck Code Center[42] streamlines the search, selection, approval and tracking of software components, even across geographically dispersed development organizations, by finding and tracking reusable open source code.
  • Black Duck Code Sight[43] is a scalable source code search engine that enables developers to find, understand, and reuse internal code.


Black Duck services include:

  • Audit Services[44] provide a comprehensive software component inventory and audit to find unknown open source and third-party software, as well as encryption technology that may be subject to regulation. Audits are frequently used in M&A technical due diligence to identify potential intellectual property (IP) ownership and/or regulatory issues. Open source consulting services, offered by Black Duck Consulting, help assess, plan and implement open source strategies for businesses.
  • Product Implementation[45] is a customized offering that helps implement Black Duck governance and compliance solutions quickly and easily.
  • Black Duck Training[46] helps you increase productivity and innovation by ensuring your teams understand how to maximize the value of Black Duck solutions.
  • Mergers and Acquisitions[47] services will help you evaluate code before an acquisition and automate software code evaluation to ensure that both companies interested in acquiring others and those who wish to be acquired perform the necessary due diligence.

Partners & alliances

Black Duck Software supports and collaborates with companies and organizations throughout the open source sphere. A member of the Eclipse Foundation, the Linux Foundation, the Open Solutions Alliance, and the Open Source Software Institute, Black Duck also participates actively in the Linux Foundation SPDX working group, which it has co-chaired from its inception.

The company is also an associate member of the GENIVI Alliance, helping to provide open source compliance strategy, program development and training to Alliance members, which include top automakers and automotive software suppliers.

Technical integration with IBM Rational and Microsoft Visual Studio adds Black Duck functionality to executive-level software management. Open source consultancies[48] work with Black Duck Software to help their clients adopt and implement open source policies that honor licenses while capturing the cost savings of open source software reuse. Similarly, Black Duck has established partnerships with a number of law firms to provide accurate determination of software pedigree—especially helpful when preparing software asset valuation for mergers and acquisitions.[49]


In an interview[50] on Slashdot, open source advocate Bruce Perens criticises Black Duck for pushing stories on the decline of the GPL, saying it isn't a real trend and that the apparent change is due to an increase in the use of web platforms which favour other types of open source licence.

Black Duck responded to Mr. Perens’ statement, claiming he was misinterpreting the company’s position, saying: “Our data – about the GPL or otherwise – is just that: data. We do not espouse any opinions about the data reported”.

Black Duck's ownership of Ohloh may be misleading; it engages with free and open-source projects rather than being a major contributor to them.[51]

See also

  • Sonatype - Leading competitor in open source management, security and governance.
  • Protecode - A Canadian competitor providing open-source software and security vulnerabilities management tools
  • Palamida - Leading competitor with open-source software and security vulnerabilities identification and analysis tools
  • Koders - Company acquired by Black Duck Software in 2009
  • Ohloh - Company acquired by Black Duck Software in 2010
  • Open Source Think Tank
  • FOSSology - Open-source tool to find and manage licenses in a code base, launched in January 2008 by Hewlett Packard
  • Ninka - Open source tool to identify licenses in source code.
  • OSS Discovery - Open-source tool to find open-source software embedded in applications and installed on computers. Sourceforge project led by OpenLogic
  • TLDRLegal - Open Source Software summary tool used to break down and simplify licenses.


  1. “Open source lands in the enterprise with both feet,” InfoWorld, 6 August 2007.
  2. “Quacking Through Licensing Complexity,” San Diego Times, 6 August 2006.
  3. “Battles over open source carve niche for startup,” Boston Business Journal, 14 December 2007.
  4. Black Duck Software Reports Another Year of Record Growth
  5. Software 500 2012: 17% Revenue Growth
  6. "Black Duck Fully Integrates Open Source Consulting Capabilities"
  7. Ohloh Code
  8. ^ [7]
  9. Open Source Delivers
  10. Open Source Resource Center (OSRC)
  11. "Black Duck Software Gets $5 Million," Wall Street Journal, 26 July 2004.
  12. “Black Duck Software secures $5M in Series A,” Mass High Tech: The Journal of New England Technology, 23 July 2004.
  13. “Service Offers On-Demand Tool for Finding Software-Licensing Violations” InformationWeek, 28 March 2005.
  14. “Black Duck Software raises $12M in 2nd VC round,” Boston Business Journal, 6 June 2005.
  15. IBM Rational software and systems delivery. Retrieved on 2013-12-09.
  16. “Black Duck Software Expands Integration Of protexIP/development 4.0 In Ready For IBM Rational Software Validation Program,” Enterprise Open Source Magazine, 7 December 2006
  17. “Black Duck debuts US encryption compliance,” Infoworld, 16 October 2006.
  18. “Open Source Firm Black Duck Expands Reseller Network In Australia And NZ,” AjaxWorld International, 2 August 2006.
  19. “Black Duck flies into UK with Atos Origin,” Computing, 30 June 2006.
  20. “Black Duck Software Expands International Reach With New Distribution Partners in Israel and the United Kingdom” Press Release 14 November 2006.
  21. “Black Duck's CEO Douglas Levin to Deliver Keynote at LinuxWorld Korea” Press Release 5 June 2006.
  22. “Valley firms join $12M Black Duck round,” Silicon Valley San Jose Journal, 14 February 2007.
  23. Open Solutions Alliance home page.
  24. “Black Duck Software Accepted Into the IBM SOA Specialty,” Press Release 15 October 2007
  25. “Black Duck Software Further Expands its Presence in the Far East” Press Release 19 November 2007.
  26. “NEC and Black Duck Software Partner to Offer Software Component Management Solutions in Japan” Press Release 19 November 2007.
  27. Black Duck Code Center product page.
  28. Linux Insider: Black Duck Offers Developers a New Tool to Manage Code.
  29. "Black Duck acquires"
  30. "Software Industry Veteran Tim Yeaton Named New CEO of Black Duck Software"
  31. "Black Duck Software Acquires from Geeknet; Purchase a Boon to Developers"
  32. "Black Duck Software Acquires Olliance Group; Enterprise Offerings Span Open Source Strategy, Implementation, Governance and Management"
  33. "Black Duck Software Honored as 2011 SBANE Innovation Award Winner"
  34. "The SD Times 100 2011: They write the songs"
  35. "Black Duck Software Named to Software Magazine’s 29th Annual Software 500"
  36. Lead411 launches "Hottest Boston Companies" awards
  37. Black Duck Software Named "Cool Vendor" by Leading Analyst Firm
  38. "Press Release"
  39. Black Duck Suite product page
  40. Black Duck Protex product page
  41. Black Duck Export product page
  42. Black Duck Code Center product page
  43. Black Duck Code Sight product page
  44. Audit Services page
  45. Product Implementation page
  46. Black Duck Training Services
  47. Mergers and Acquisitions Require Technical Due Diligence
  48. Black Duck partners page.
  49. Black Duck legal partners page
  50. Bruce Perens answers Slashdot's questions
  51. Black Duck. Techrights (2013-09-20). Retrieved on 2013-12-09.