EclipseCon Report: Protecode Introduces “Preventive” IP Management | Code, Protecode, Approach, Open

SOFTWAREonSTRATEGIES

Syndicate

Login Form

Most Recent

PayPal Developer Program Deep Dives Payment Processes

SAS Adds Predictive Monitoring to VMware

CheckPoint’s Zone Alarm Virtualizes Browser Protection

Genuitec Makes Pulse Service Portable, Sharable

Hyperic Proves MySQL Can Become Industrial-Strength

Fujitsu Service Draws Hidden Business Processes from System Logs

Morph Labs Adds Management Tier to the Cloud

Salesforce.com Gets Visual

JavaOne 2008: JavaFX Hits Broadway

Aras Globalizes Open Source PLM, Gains Microsoft Certification

Sun Burnishes Open Source Credentials at CommunityOne

EnterpriseDB Announces Blade Partner Program

Software 2008: SaaS is the thing This Year

EclipseCon Report: Protecode Introduces “Preventive” IP Management

PDF

| Print |

E-mail

Sunday, 16 March 2008

One of the riddles of open source is the numbingly huge variety of licenses out there. While some licenses protect copyrights, others push copyleft (e.g., sharing code is mandatory), with seemingly infinite variants in between. The challenge for organizations working with open source is ensuring that the licenses applying to code that they use do not conflict with corporate policies regarding consumption and sharing of intellectual property (IP).

Protecode, a year-old startup, is having its coming out party at EclipseCon this week, unveiling an approach that differs from what established providers like Black Duck Software and Palamida already provide. Protecode takes what it terms a “preventive” approach in that it installs an agent on the developer’s machine, which then logs the signature of each bit of external code that the developer imports. By contrast, Black Duck and Palamida scan your code after the fact in a manner similar to that of anti-virus software. (Recently, Palamida has shifted gears, providing services tracking bugs and security leaks in open source.)

The end result in each case is the same: each provider checks the signatures of the code against its database, and then reports what license applies. One distinction is how Protecode handles exceptions that are not covered by its database; rather than let the unidentified code fall through the cracks, it files and exception report, and also gives the developer a chance to annotate a comment field so at least the variances have some context or knowledge stored to help identify or explain what they are, or where the code originated from.

The company claims that its approach is not obtrusive in that checking the code as it comes into your machine is a momentary inconvenience, and that its approach does not add overhead when you’re in the heat of development.

Protecode will be releasing its tool as an Eclipse plug-in, which relieves it of the need to maintain its own deployment mechanism; it can simply hitch a ride on the OSGi framework that Eclipse has approached for dynamic deployment of plug-ins.

At this point, Protecode has tested its tool with 40 users, with a wider trial set for May, and general release planned in June.