A sea change is taking place in software development. It is a paradigm shift that offers great promise but also introduces new risks. Organizations that recognize and mitigate these risks will realize significant competitive advantages. For executives at companies that develop software, the first step is to understand and embrace the changes that are happening in software development. They also need to explore new approaches to protecting their valuable software intellectual property.
Blending Open Source, Third-Party and Proprietary Code
Today’s developers are members of an active and interconnected global community. Rather than producing software from scratch, they tap into resources from around the world to select the best component parts for their software projects. They routinely combine open source code, software provided by outsource vendors, and their own company’s code to create finished applications. Essentially, they put together software puzzles from thousands of different pieces drawn from many different sources. The completed puzzles are ‘composite’ applications. This assembly model has also become federated, with development groups organizing around their favorite – often far-flung – sources of code.
Federated assembly of composite applications is the way of the future in the software industry. Companies that develop software, either for commercial sale or for in-house use, are using this method now to accelerate project schedules, improve software quality, and reduce development costs. Businesses are realizing that they need to move quickly to gain the advantages of software assembly, or else fall behind more aggressive and nimble competitors.
Outsourced, Open Source and ‘Made Here’ Code
As is the case with so many other changes, the Internet has been a major driver of this shift. Its global connectivity enabled the Open Source movement to take hold and flourish, with millions of developers now contributing to innumerable open source projects. It provided the platform for collaborative outsourcing and offshoring. It also made it easier for enterprise IT groups to break up their software into component parts and share them inside their organizations.
It is clear that development teams can improve their performance and work product by using prefabricated software components. However, developers with instant, global access to often ‘free’ software components and libraries can easily bypass company policies and procedures for software acquisition, licensing review, and approval. The result is often a significant increase in business risk.
Mixed Intellectual Property Licensing Models
By combining external components with their proprietary code, companies create a complex mix of intellectual property, or ‘mixed IP’. Whether commercial or ‘free’, all software IP carries licensing obligations with which companies must comply. In a mixed-IP environment, the volume of licenses to be understood and tracked can quickly become a challenge. Further, those licenses often conflict with one another. If left unresolved, these conflicts can result in software assets with serious intellectual property problems.
Realigning Business Processes
Should a company bring a product to market even though it does not know exactly what is in that product’s code? Today the answer must be a resounding ‘no’. With increasing frequency, companies are being surprised by compliance problems late in the development cycle:
- A lawsuit filed over violated IP rights forces a company to remedy the infraction with a costly and embarrassing product recall.
- IP concerns cause a large customer to back away from a major product purchase.
- Unresolved IP issues force a funding source to cancel a planned equity investment.
- A code review during due diligence raises questions about open source license compliance, resulting in cancellation of a planned acquisition.
- A software company’s customers demand indemnity against any legal claims associated with their use of the company’s product.
- A public company finds that it cannot report accurately on the acquisition, use and disposition of its software IP under the Sarbanes-Oxley Act.
To ensure license compliance, companies need clear visibility into the origins, ownership, and license requirements of each component used in their software. However, with so much reuse occurring, traditional procurement methods and controls are proving to be inadequate.
New Complexity Brings Challenges
Innovative companies see the upside and business acceleration that this model offers. Many of these organizations also are recognizing the risks they will incur without better intellectual property controls. The problem is that in most software development organizations, the use of open source and third-party components is well underway. It is flying below internal risk management and compliance systems and processes.
There are simply too many developers, too many lines of code, too many licenses, and too many conflicting terms governing distribution, attribution, and use. There are over 50 open source licenses approved by the Open Source Initiative, hundreds of additional unapproved variants now in use, plus thousands of proprietary licenses. New open source licenses are approved every month. The SCO Group suit is the tip of a growing iceberg.
As companies wake up to this reality, they introduce manual audits into the development process, commission expensive cross-functional review boards, invest in a variety of inefficient, homegrown tracking systems, and engage costly outside audits and legal analyses. These measures impede the flow of third party and open source components into, and out of, the software development process, inaccurately value software assets, and put the intellectual property of the company at risk.
The bottom line is that composite application development, fast Internet connections, and cut-and-paste coding are here to stay. Instead of putting on blinders, instituting unrealistic bans, or engaging in half-hearted manual controls, corporations that develop software as a strategic asset must step up and actively govern how they create, manage, and license software assets.
A Better Way – Software Compliance Management
To get this activity under control, accrue its benefits, and avoid the risks, companies need to automate the process. They need systems that let them manage the introduction of licensed material into their software assets, and automate component and license identification. To be effective, these systems also need to be able to surface the critical licensing issues that require the attention of corporate lawyers and risk managers – before those issues become problems for customers, partners, and investors.
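The license-conflict problem described under ‘Mixed Intellectual Property Licensing Models’ and the automated surfacing of issues called for above can be illustrated with a small policy check over a component inventory. The following is an added example written for this page; it is not code from the article, from Black Duck, or from any product. Everything in it is an assumption: the component names and versions are constructed, the licenses are identified by SPDX identifiers, the product is assumed to ship as a proprietary binary, and the copyleft buckets and incompatible-pair rule are a simplified stand-in for whatever a company’s own counsel decides (they are not legal advice).

```python
"""Added example (not from the article or Black Duck): a minimal license-policy
check over a component inventory, showing how an automated system can surface
licensing conflicts for legal review before a product ships.

Assumptions, all hypothetical: components carry SPDX license identifiers, the
product ships as a proprietary binary, and the policy buckets and rules below
are a simplified stand-in for a company's real policy. Not legal advice.
"""
from collections import Counter
from dataclasses import dataclass

# Simplified policy buckets (assumption: which licenses belong in which bucket
# is a policy decision made by counsel; these sets are illustrative only).
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only"}
WEAK_COPYLEFT = {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only",
                 "MPL-2.0", "EPL-2.0"}
PERMISSIVE = {"MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"}

# License pairs commonly treated as incompatible when combined into one work
# (GPL-2.0-only together with Apache-2.0 is the usually cited case).
INCOMPATIBLE_PAIRS = {frozenset({"GPL-2.0-only", "Apache-2.0"})}

# Linkage modes that make a component part of the shipped work.
LINKED = {"static", "dynamic"}


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str   # SPDX identifier, or the raw license text if not identified
    linkage: str   # "static", "dynamic" or "separate-process"


@dataclass(frozen=True)
class Finding:
    severity: str   # "block" (cannot ship as-is), "review" (needs counsel), "obligation" (ship with notices)
    component: str  # component name, or "*" for a product-wide conflict
    reason: str


def check_inventory(components, distribution="proprietary-binary"):
    """Return policy findings for an inventory of components."""
    findings = []
    for c in components:
        if c.license in STRONG_COPYLEFT:
            if distribution == "proprietary-binary" and c.linkage in LINKED:
                findings.append(Finding("block", c.name,
                    f"{c.license} code linked into a proprietary binary; copyleft "
                    f"terms would require releasing the combined work's source"))
            else:
                findings.append(Finding("review", c.name,
                    f"{c.license} component run as a separate process; "
                    f"confirm the boundary with counsel"))
        elif c.license in WEAK_COPYLEFT:
            if c.linkage == "static":
                findings.append(Finding("review", c.name,
                    f"{c.license} statically linked; relinking and source "
                    f"provisions need review"))
            else:
                findings.append(Finding("obligation", c.name,
                    f"ship the {c.license} notice and an offer of the library's source"))
        elif c.license in PERMISSIVE:
            findings.append(Finding("obligation", c.name,
                f"include {c.license} copyright and license notice"))
        else:
            findings.append(Finding("review", c.name,
                f"unrecognised license text {c.license!r}; identify before release"))

    # Product-wide check: two linked components under mutually incompatible terms.
    linked_licenses = {c.license for c in components if c.linkage in LINKED}
    for pair in INCOMPATIBLE_PAIRS:
        if pair <= linked_licenses:
            a, b = sorted(pair)
            findings.append(Finding("block", "*",
                f"{a} and {b} components are both linked into one work; terms conflict"))
    return findings


def severity_counts(findings):
    return dict(Counter(f.severity for f in findings))


def blocking_components(findings):
    return sorted({f.component for f in findings if f.severity == "block"})


# Constructed sample inventory (hypothetical component names and versions).
SAMPLE_INVENTORY = [
    Component("libfoo", "1.2.0", "MIT", "dynamic"),
    Component("gnupkg", "3.1", "GPL-2.0-only", "static"),
    Component("httpclient", "4.5", "Apache-2.0", "static"),
    Component("widget", "0.9", "LGPL-2.1-only", "dynamic"),
    Component("mystery", "1.0", "SEE LICENSE IN LICENSE.txt", "static"),
]

if __name__ == "__main__":
    results = check_inventory(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.severity:10}] {f.component:12} {f.reason}")
    print(severity_counts(results))
```

On the sample inventory the check produces two blocking findings (the GPL-2.0-only component linked into the proprietary binary, and the product-wide GPL-2.0-only/Apache-2.0 conflict), one item for review (the component whose license was never identified), and three attribution obligations. The point of the structure is the split between what a tool can decide mechanically (bucket membership, linkage, known pairwise conflicts) and what it can only escalate to counsel; a real system would populate the inventory from build manifests and binary scans rather than from a hand-written list.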
These solutions, known as Software Compliance Management (SCM, not to be confused with source code management) systems, are available today. SCM systems are being implemented by a rapidly growing roster of the world’s leading technology companies and enterprise IT organizations, who gain new discipline as well as accuracy and efficiency in managing the intellectual property element of software development.
SCM systems let developers, marketers, and lawyers govern software assets without bogging down development or limiting its possibilities. They enable companies to proactively and confidently combine homegrown, third party, and open source software to build applications that meet internal or market needs – without putting assets at risk.
Compared with expensive, restrictive, and ineffective manual software governance systems that will hold back the industry, SCM solutions will encourage and accelerate the natural transformation of software development into a component and open source integration process.
By making it possible for companies to increase their use of software created outside their four walls, SCM systems will help fuel software innovation in the industry and set the stage for companies to increase the quality of their software. By gaining control over the intellectual property aspects of software, developers will be able to select and use the best externally sourced components knowing they are not infringing on patents, copyrights, or trade secrets, or worrying that they will be forced to publish proprietary software to the open source community.
Gain Advantages – Moving Now
There is no denying that we – the entire industry – have entered a new era in software development. Clinging to rusty processes set up during what now seems like the Pleistocene Era of software development is not a winning strategy. Organizations that choose to ignore this reality do so at their own peril. The speed with which the software and technology industries move today will deliver negative consequences faster than ever before.
Conversely, companies that quickly embrace the new reality of federated assembly of composite applications – and the ramifications it presents for intellectual property – will have a big head start and gain significant competitive advantages.
The future of software development is already here. Don’t be the last company in your segment to see the critical, enabling role SCM systems will play in that future.
Douglas A Levin is president and CEO of Black Duck Software, the leading provider of software compliance management systems. Black Duck’s solutions help companies govern how software assets are created, managed, and licensed. The company’s protexIP product suite lets businesses understand and effectively manage software license compliance. Learn more at: