What to do when developers take code snippets with them

Analysis
Apr 17, 2008

Every good carpenter has a box of tools he carries from job to job: a hammer of just the right weight, a selection of drill bits, and so on. As he gains experience, his toolbox gets heavier with new, and sometimes specialized, equipment. Similarly, programmers accumulate their own tools as they move from job to job, but these tools are digital and often include snippets of code written over the years.

And that can create a problem, says Vishwanath Venugopalan, an enterprise software analyst with the 451 Group. These snippets are often reused unintentionally in a simple cut-and-paste operation without full knowledge of their former or current company’s intellectual property (IP) policies. What’s more, “the ubiquitous availability of code snippets in blogs and online tutorials poses a bigger risk to intellectual-property hygiene in a company,” Venugopalan says.

Although the problem of IP pollution is probably greater in the open source world, the growing popularity of modular, reusable code (think about Salesforce.com’s AppExchange) creates headaches for users and developers of commercial software as well. And that, in turn, is creating a business opportunity for a handful of specialized software companies, including Black Duck Software, Palamida, and most recently Protecode, a startup based in Ottawa, Canada.

Interestingly, none of the three major players in this niche are open source.

Protecode is a plug-in to the Eclipse IDE that detects and logs the content entering a software project, and then checks it against an online database called the Global Intellectual Property Server, or GIPS. That’s much easier and more accurate than relying on memory and manual record keeping. Companies can set policies to restrict the code that can be brought into the project based on the license type (such as to restrict GPL code usage). If a programmer uses code that isn’t yet licensed by the employer, Protecode will create a bill of materials needed to comply with licensing provisions.
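The intake-and-policy workflow just described, as an added illustration that is not Protecode's code: each incoming snippet is tagged with its provenance, a license family is inferred from SPDX tags or a few well-known header phrases (a constructed stand-in for a real license database), a policy blocks disallowed families, and accepted material goes into a bill of materials. The license markers and sample snippets are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed license signatures: SPDX identifier or header phrase -> license family.
# A real product would match against a large fingerprint database, not a few regexes.
LICENSE_MARKERS = [
    (r"SPDX-License-Identifier:\s*GPL-\d", "GPL"),
    (r"GNU General Public License", "GPL"),
    (r"SPDX-License-Identifier:\s*MIT", "MIT"),
    (r"Permission is hereby granted, free of charge", "MIT"),
    (r"SPDX-License-Identifier:\s*Apache-2\.0", "Apache-2.0"),
    (r"Licensed under the Apache License", "Apache-2.0"),
]

@dataclass
class Snippet:
    path: str    # where the snippet lands in the project
    origin: str  # provenance as recorded at intake (URL, former employer, toolbox)
    text: str

def detect_license(text: str) -> str:
    """Return the license family named in the snippet header, or 'UNKNOWN'."""
    head = text[:2000]  # license notices sit at the top of a file
    for pattern, family in LICENSE_MARKERS:
        if re.search(pattern, head):
            return family
    return "UNKNOWN"

def intake(snippets, denied=("GPL",), allow_unknown=False):
    """Apply the license policy; return (bill_of_materials, rejections)."""
    bom, rejected = [], []
    for s in snippets:
        lic = detect_license(s.text)
        if lic in denied or (lic == "UNKNOWN" and not allow_unknown):
            rejected.append((s.path, lic, s.origin))
        else:
            bom.append({"path": s.path, "license": lic, "origin": s.origin})
    return bom, rejected

# Constructed sample snippets standing in for what a developer pastes in.
SAMPLES = [
    Snippet("util/strhash.c", "https://example.invalid/blog/hash",
            "/* SPDX-License-Identifier: MIT */\nunsigned h(const char *s);\n"),
    Snippet("net/poll.c", "former employer",
            "/* Free software under the GNU General Public License */\nint poll_all(void);\n"),
    Snippet("misc/sort.c", "personal toolbox",
            "static void sort(int *a, int n) { /* no license header */ }\n"),
]
```

Running `intake(SAMPLES)` accepts only the MIT snippet; the GPL snippet is rejected by policy and the unlicensed one is held back until its provenance is cleared.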

Because Eclipse is used to develop Java, C, and C++ code, the product’s integration with Eclipse gives it support for those programming languages. Protecode has indicated that Visual Basic support might be in the cards as well, says Venugopalan.

IP purity is gaining the attention of developers who work with the Department of Defense, which is using more and more open source software, despite some bureaucratic misgivings. One roadblock: the lack of a highly developed and widely recognized governance regime for open source, said Brigadier General Nickolas Justice, in a recent interview with Military Information Technology.

The Multinational Information Sharing Initiative (MISI), for example, is part of a DoD effort to share counterterrorist information among the nine countries of trans-Saharan Africa. MISI, which will also have many nonmilitary uses, was deliberately built around open source to make it easy to deploy by organizations within those countries that might balk at the hefty license fees charged by commercial software vendors, says Bernard Golden, CEO of Navica, which developed a governance framework for the project.

“To work with open source, you have to adhere to the letter and the spirit of the license,” Golden says. Sure, that seems obvious, but MISI has to keep track of 60 or so open source products while being careful not to let unlicensed software slip into the code base. Unknown code also creates a support problem, Golden adds. After all, without knowing the provenance of the code, how can a support engineer identify and fix a problem?

Because Protecode and its competitors are privately held, it’s not clear how much, if any, money they are making. A point in their favor is the relatively high bar for entering the market. The real value is in the database, which takes years to accumulate. The code itself is not that difficult to assemble, says Venugopalan.

Also unclear is the effect that HP’s code analysis tool will have on the trio. It’s available for download at the FOSSology Web site. What is clear, though, is the continuing development of the open source ecosystem. The stronger it gets, the more likely it is that the remaining doubters in the Pentagon and mainstream business will come aboard.

I welcome your comments, tips, and suggestions. Reach me at bill_snyder@infoworld.com.