SOURCE: Black Duck Software

Black Duck Software

December 08, 2009 10:54 ET

Black Duck Software Offers Five-Point Checklist to Guide Successful Deployment of Applications Built With Open Source Software

Checklist Helps Organizations Overcome Barriers to OSS Adoption, Leading to More Efficient Software Development Processes

WALTHAM, MA--(Marketwire - December 8, 2009) - Open source software (OSS) has garnered interest from commercial software developers and enterprise IT managers as a way to cut costs, increase efficiency and speed time-to-market, but many remain unsure how to integrate and manage open source deployed in their applications and systems.

Black Duck Software, ( the leading global provider of products and services for accelerating software development through the managed use of open source software, has reviewed thousands of successful OSS deployments and developed a five-point checklist that can be used by software companies, where concerns about intellectual property and licensing risk can inhibit OSS adoption, and enterprise IT executives, where risk to infrastructure and operations are obstacles to deployment of OSS code.

Jeff Durand, VP of Professional Services at Black Duck Software, notes, "Enterprise IT executives want to get more out of investments in technology and reduce complexity. They worry about managing the thousands of applications used in their operations and are concerned that applications with OSS code may create risk and be difficult to manage. Developers, conversely, are looking for code reuse. They are concerned with increasing the velocity of development, reducing complexity and increasing innovation. Open source, properly implemented, is an answer for both groups."

Durand recommends developers and enterprises use a five-point checklist to ensure successful deployment of OSS code.

1. Have a written, explicit OSS strategy -- Know what you are trying to do with open source, and develop a disciplined OSS policy and set of practices, advises Durand. Automation through tools that identify OSS code and any license dependencies is a critical first step. "Automation makes development organizations more efficient and builds quality into the process," he observes. "Manual processes are not fast enough to aid in the discovery of hidden or potentially encumbered code. The more automation is in place, the better able a developer will be to take advantage of OSS code." Automation also minimizes the impact of OSS compliance policies on developers, who can stay focused on developing rather than tracking code provenance.

2. Integrate with other systems, especially build and change management tools -- Integrating with a company's build system is a natural and convenient place to check compliance, scan for third-party and OSS code and identify conflicts. Finding issues early in the development cycle will save effort later.

3. Check all possible sources for incoming OSS -- A single-source application or code base is the exception, not the rule, in today's global development infrastructure, says Durand. Code can come from many sources -- OSS forges, community projects, third-party developers. Pointing to Microsoft's recent brush with undetected OSS code, Durand notes that outsourcing software development has become a best practice -- leaving software companies and enterprise IT departments with doubts about code provenance. "Your developers, external developers and contractors are part of your software supply chain," he says. "You need a best practice that describes how to manage inbound code, an institutionalized policy for managing third-party and OSS code, and a documented process that the entire organization can understand and support."

4. Drive efficiency by identifying and standardizing on OSS components -- A lack of control in the development process can leave a company with 10 different XML parsers, multiple libraries with similar functionality, or logging and bug-tracking systems that offer largely the same features. Standardizing on an approved set of OSS components (e.g., Tomcat, log4j, zlib, etc.) by establishing a process and system for bringing in and evaluating components eliminates the need to test and get approval for the same components over and over. "We recommend creating an approved set of components that is accessible and usable by the entire development organization," says Durand. "For example, the Black Duck Suite includes a platform and workflow to create a catalog of approved components. Developers can check the approved list first before spending the effort to find a component on their own, getting it approved, etc." The key, adds Durand, is to standardize on proven OSS components as a best practice using appropriate process, rigor and review of incoming code.

5. Contribute back to avoid forking code -- A big part of the OSS experience is giving back to the community. Some licenses explicitly state how code must be returned to the community. If your development plans include using OSS, it's a good idea to think from the start about contributing code back including bug fixes. Not only will this help your organization eliminate the need to maintain your code as a separate fork, points out Durand, it's a good example of cooperative development at work and you maintain a good working relationship with the community.

For more information about Black Duck's Five-Point Checklist, listen to the podcast with Jeff Durand, VP of Professional Services, Black Duck Software at For more information on Black Duck Software and the Black Duck Suite, visit

About Black Duck Software

Black Duck Software is the leading provider of products and services for automating the management, governance and secure use of open source software, at enterprise scale, in a multi-source development process. Black Duck™ enables companies to shorten time-to-market and reduce development costs while mitigating the management, security and compliance challenges associated with open source software. Black Duck Software powers, the industry's leading code search engine for open source, and is among the 500 largest software companies in the world, according to The company is headquartered near Boston and has offices in San Francisco, Paris, Tokyo and Hong Kong, as well as distribution partners throughout the world. For more information, visit

Black Duck, Know Your Code and the Black Duck logo are registered trademarks of Black Duck Software, Inc. in the United States and other jurisdictions. Koders is a trademark of Black Duck Software, Inc. All other trademarks are the property of their respective holders.

Contact Information