Black Duck - But No SCO (IT-Director)

Posted Jul 11, 2005 21:19 UTC (Mon) by rm6990 (guest, #30921)
Parent article: Black Duck - But No SCO (IT-Director)

I don't understand something....they say they check to see if OSS code has been used in in-house applications. But doing so does not violate any licenses I am aware of, so why does it matter anyways?


Black Duck - But No SCO (IT-Director)

Posted Jul 11, 2005 21:30 UTC (Mon) by JoeBuck (subscriber, #2330) [Link]

Their target market appears to be companies that develop proprietary software and that don't trust their own employees' ethics or judgment. Presumably the company would then use Black Duck's tool to catch their own employees grabbing some free software off the net, stripping copyright notices off, and checking it in as their own work.

Black Duck - But No SCO (IT-Director)

Posted Jul 11, 2005 21:42 UTC (Mon) by rm6990 (guest, #30921) [Link]

It's useful for companies whose business is to write software. It's also useful for IT Departments that might like to know if Open Source has crept into their applications. It can also be used to test any code against any code, and thus the technology is often used under non-disclosure.

(Quoted from linked article)

Black Duck - But No SCO (IT-Director)

Posted Jul 12, 2005 0:55 UTC (Tue) by AnswerGuy (subscriber, #1256) [Link]

The earlier respondent's comment still stands. Companies are trying to
find out if some of their programmers are unscrupulously merging open
source code into their applications while claiming it as their own work
(and presumably goofing off during all the time that they claim it took
them to write it).

Also, a company that produces an in-house application still has a legitimate interest in ensuring that they own their code outright. They may eventually wish to turn it into a proprietary product for their business partners or even their competitors. (Sometimes companies migrate out of one business and into an ancillary business by shifting from a direct supplier into a niche that provides products or services to the suppliers).

In any event the product sounds interesting though the technology sounds fairly similar to the sorts of analysis required by anti-virus software for detecting polymorphic viruses.

(In both cases you want to detect an underlying constant --- flows of execution or semantic patterns even in the face of various forms of obfuscation (identifier renaming, conditional reversal and redundant extraneous conditionals, etc).)

The idea is to raise the bar so that plagiarists will have to do as much work to successfully obfuscate the stolen code as they would to just code up the implementation themselves.

JimD
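
The idea of matching code through identifier renaming and stripped notices can be illustrated with token-normalised k-gram fingerprints. This is an added example, not part of the thread and not Black Duck's method. The function names and the three sample snippets are constructed for illustration, and the sketch does not handle conditional reversal or inserted dead code.

```python
import hashlib, io, keyword, tokenize

SKIP = {tokenize.COMMENT, tokenize.NL, tokenize.NEWLINE,
        tokenize.INDENT, tokenize.DEDENT, tokenize.ENDMARKER}

def tokens(source, normalize=True):
    """Token stream of Python source; optionally abstract names and literals."""
    out = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type in SKIP:
            continue  # comments (incl. copyright notices) and layout are ignored
        if normalize and tok.type == tokenize.NAME and not keyword.iskeyword(tok.string):
            out.append("ID")      # renaming an identifier no longer changes the stream
        elif normalize and tok.type == tokenize.NUMBER:
            out.append("NUM")
        elif normalize and tok.type == tokenize.STRING:
            out.append("STR")
        else:
            out.append(tok.string)
    return out

def fingerprints(source, k=5, normalize=True):
    """Set of hashes over every window of k consecutive tokens."""
    toks = tokens(source, normalize)
    grams = (" ".join(toks[i:i + k]) for i in range(len(toks) - k + 1))
    return {hashlib.sha256(g.encode()).hexdigest()[:16] for g in grams}

def containment(reference, suspect, k=5, normalize=True):
    """Fraction of the reference's fingerprints that also occur in suspect."""
    ref = fingerprints(reference, k, normalize)
    return len(ref & fingerprints(suspect, k, normalize)) / len(ref) if ref else 0.0

# Constructed samples: an "open source" function, a renamed copy with the
# notice stripped, and unrelated code.
ORIGINAL = '''
# Copyright (c) Example Project (constructed notice)
def checksum(data):
    total = 0
    for byte in data:
        total = (total * 31 + byte) % 65521
    return total
'''
RENAMED = '''
def calc(buf):
    acc = 0
    for b in buf:
        acc = (acc * 31 + b) % 65521
    return acc
'''
UNRELATED = '''
def join_names(names):
    return ", ".join(sorted(n.strip() for n in names if n))
'''
```

Comparing raw tokens (`normalize=False`) finds no overlap between the original and the renamed copy, while the normalised comparison matches every fingerprint.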

Black Duck - But No SCO (IT-Director)

Posted Jul 12, 2005 2:00 UTC (Tue) by dmarti (subscriber, #11625) [Link]

Outsourcing could be another big area of concern here. If you hire an outside firm to develop something for you as a work for hire, it makes sense to make sure that you got your money's worth.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds