Black Duck Software Marks the One-Year Anniversary of GPLv3 with an Examination of Trends in Use

Software Industry’s Top Expert on Adoption of Open Source and Associated Licenses Tracks Developments in GPL Use Over the Past Year, Offers Prediction on Future Use

WALTHAM, Mass., June 18, 2008—Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software, marked the first anniversary of the release of version three of the open source GNU General Public License (GPLv3) with a study of trends in its use. Black Duck is the creator and maintainer of the software industry’s most complete source of information on open source licenses, the Black Duck KnowledgeBase, which contains information on more than 1,400 licenses.

The Free Software Foundation (FSF) finalized updates to the GPL one year ago, after an intensive review process that involved individuals and organizations from across the open source community. Projects are not required to move to GPLv3 or to remain with earlier versions, such as GPLv2. Decisions about licensing impact the thousands of software development organizations that choose to benefit from the quality, flexibility and ready availability of open source software. The GPL is notable for its requirement that software developers who make changes to the code contribute those changes back to the open source community, especially if the software is distributed or used in online applications.

Core observations, made by comparing changes in open source license use between June 2007 and June 2008, include:

• GPL use holds steady—The GPL family of licenses is the most widely used in open source, with about 70 percent of all open source projects covered by GPL, Lesser GPL (LGPL) or Affero GPL (AGPL) licenses. When considering all GPL licenses together, the total figure is essentially unchanged over the past year.

• Thousands choose v3—Since the release of GPLv3, 2,345 open source projects have opted to use the license. The number of projects covered by GPLv3 has been growing at a rate of about 20 percent per month over the past six months. Ubuntu, SugarCRM, Samba and Funambol are a few of the widely used projects that have selected GPLv3.

• Yet most remain with v2—Approximately 58 percent of open source projects today are covered by GPLv2 and an additional 11 percent by LGPLv2. Most of the widely used open source projects, including Linux, JBoss and Hibernate, remain with version two.

• Use of GPL licenses is increasingly split—While the overall number of projects that select AGPL is still relatively small, its use is clearly on the upswing, with adoption accelerating from a few per month at end of 2007 to almost 20 per month in recent months. The Affero license addresses licensing issues specific to online vendors.

• Dual licensing on the rise—The GPL is a reciprocal license that compels developers to return changes they make to the code to the open source community. Other licenses, such as Apache, Berkeley and Mozilla, are more permissive—developers have more flexibility to change code and apply that code as they choose. Open source vendors such as MySQL, SugarCRM and Pentaho increasingly license free versions of their products under the GPL to allow potential customers to test the software, but then use a different license for the commercial version.

“We saw rapid conversion out of the gate on established GPL projects to version three, more so than adoption by newer projects,” said Douglas Levin, founder and CEO of Black Duck Software. “It seems that version two is, simply put, good enough or preferable for some of the bigger projects. The new provisions of GPLv3, which were mostly around digital rights management (DRM) and patent infringement, aren’t necessary for most projects. Looking ahead, we’d expect to see movement to version three to slow to an average increase of 10 percent a month, which is still 183 percent growth for the year. Regardless of this relative drop-off in movement to GPLv3, there are still likely to be more than 6,000 projects using the license a year from now. Although we don’t expect it, these projections could alter substantially if one or more of the major open source projects currently on GPLv2 were to move to version three.”

In addition to the Black Duck KnowledgeBase, the company maintains an extensive online resource about open source adoption, which is available at http://www.blackducksoftware.com/oss. A full list of open source projects that have converted to GPLv3 is at http://www.blackducksoftware.com/oss/project-list.

About Black Duck Software

Black Duck Software is the leading global provider of products and services for accelerating software development through the managed use of open source and third-party code. Black Duck™ enables companies to shorten time-to-market and reduce development and maintenance costs while mitigating the risks and challenges associated with open source reuse, including hidden license obligations, security vulnerabilities, unsupported open source and version proliferation. The company is headquartered near Boston and has offices in San Francisco, Amsterdam and Hong Kong, as well as distribution partners throughout the world. For more information, visit www.blackducksoftware.com.

# # #

Black Duck, Know Your Code, protexIP, transactIP and the Black Duck logo are registered trademarks of Black Duck Software, Inc. in the United States and other jurisdictions. exportIP and Koders are trademarks of Black Duck Software, Inc. All other trademarks are the property of their respective holders.

Press Contacts