Monday, January 28, 2008

Innovation in the Open Source Software Era

In the technology industry, people always predict that innovation will come with loud fanfare – a great, big product announcement at a trade show, etc. – when in most cases, it happens quietly, all around us. So it has been with component-based development. This trend was hyped in the 1990s during the object-oriented programming era, with its perfect acronym “OOPs”. When it fell short of expectations, the term went out of vogue. Today it is not exactly a common phrase, but quietly and steadily, it has become common parlance and practice again.

Managing a software development organization used to be about project management and execution. You gathered available resources into a hierarchical organization, directed them toward a goal, and managed the critical path. Anyone who manages that way today is a dinosaur.

The savvy development manager today knows that the resources outside his/her organization are as important as, or even more important than, the resources on payroll. Today, growing numbers of development managers are leveraging code from third parties: open source, vendors, partners and other internal groups (which in large organizations resemble third parties in many respects). I see surveys weekly showing how much open source code companies are bringing into their source base. The numbers vary from as low as 15% to as high as 60%, but the surveys have one thing in common – the amount of open source being used is increasing.

As usual, developers are way ahead of management in this trend. That’s always both good and bad. Leveraging external code can help companies get to market faster, but there are issues that must be managed, such as hidden license obligations and security vulnerabilities. Also, a company doesn’t get as much benefit from leveraging code if it doesn’t provide a mechanism for developers to standardize around specific components or even versions. For example, if multiple components or multiple versions of a component proliferate within an organization, supporting and maintaining them becomes a huge effort. Developers are resourceful, but they won’t necessarily self-organize around a product platform. Management brings that to the table.

Today Black Duck is unveiling our second flagship product: Black Duck Code Center. It's a soup-to-nuts management framework for code reuse that is propelled by the Black Duck KnowledgeBase – the very same KB that powers protexIP, our first flagship product. Now, in one place, enterprises can track and manage open source and third-party code throughout the entire software development lifecycle. Think of it as an enterprise clearinghouse for all kinds of code.

Black Duck Code Center accelerates software development by assisting developers with the search and selection of code that meets their needs, drawing on the Black Duck KnowledgeBase. Then Black Duck Code Center speeds the organizational approval – a developer can kick off an approval with the push of a button, and Black Duck Code Center walks the component approval through legal, security, risk, QA or any other approvals that a company requires. Black Duck’s automated process gives management the visibility and oversight that they need while freeing developers from burdensome process and bureaucracy. Furthermore, it allows companies to create and internally publish a catalog of approved components, which allows engineers to share their work with their peers.

Black Duck Code Center facilitates the creation of an “in use” approved components list called a Bill-of-Materials (BOM) for a software application. Once that is done, Black Duck’s other major product, protexIP, can be used to analyze whether the actual BOM matches the approved BOM. Black Duck has analyzed code from hundreds of companies, and our experience is that it is rare for a code base not to contain something unexpected. Good practice requires both front-end coordination and back-end checks and balances.

If you want to learn more about Black Duck Code Center, please have a look at the press release we posted today on the Black Duck home page. We're confident that Black Duck Code Center is a required innovation that acts as a clearinghouse to help enterprises fully realize the benefits of open source and third-party code.
