Industry First Provides Insights into Embedded Licenses in One Million Open Source Projects
Burlington, MA July 16, 2013 – As enterprises increase their utilization of open source software (OSS) to accelerate development innovation and drive down costs, up-front visibility into OSS licenses and their associated obligations takes on even greater importance. Based on analysis of one million open source projects, new data from Black Duck Software shows that while 60 percent of OSS projects have a clearly declared license, 40 percent of the world’s OSS projects have no explicitly declared or identifiable license, raising questions for many enterprises about their ability to take advantage of these projects.
Black Duck’s new Deep License Data™, available in the latest Black Duck Suite® 6.5 release, is an industry first, providing up-front visibility into the embedded licenses that exist within projects having no declared license. These insights will be pivotal in helping organizations make decisions on the potential use of these projects. With Gartner estimating that enterprise end user software spend was $342B in 2012, the ability to “unlock” an additional 400,000 OSS projects creates an additional $59B potential cost savings opportunity, $9.5B of that in the financial services industry alone.
“The lack of a declared license for an open source project can cause an enterprise to steer clear of it, limiting the projects organizations can use,” said Mark Driver, Vice President and Research Director, Gartner. “The ability to access embedded license information and obligations up-front during the code selection process opens a sizeable opportunity for enterprises and could have significant impact on their bottom line.”
Uncovering Embedded Licenses in GitHub Projects, a Substantial Opportunity for Enterprises
This possibility is readily apparent for projects hosted on GitHub, the popular OSS project-hosting site. New data from Black Duck indicates that 77 percent of projects on GitHub have no declared license, compared to only seven percent of projects from all other open source forges. Further analysis from Black Duck’s Deep License Data shows that of this 77 percent, 42 percent of GitHub projects actually have embedded licenses that carry specific obligations for use. Providing up-front visibility into embedded licenses and their associated obligations gives organizations the insight needed to make informed decisions about using such projects, and dramatically expands the OSS adoption opportunity.
“It’s no longer enough to know the declared license associated with a component; deep license data that exposes licenses associated with snippets, files or strings may determine whether or not we use a particular component. And finding this information out early in our development process will be invaluable to our organization,” said John Generelli, ADP Sr. Director Software Asset Management Compliance.
Additional Suite 6.5 Features
- New Security Vulnerability Severity Filtering helps teams focus on the highest priority issues first, while filtering out non-critical issues.
- Smarter Results Filtering speeds FOSS identification using advanced matching techniques.
- Metadata from Ohloh helps developers assess the level of open source project activity when evaluating projects to use in development.
“The opportunity our Deep License Data provides is very exciting for both enterprises and developers,” said Black Duck President and CEO, Tim Yeaton. “We’ve analyzed one million projects for embedded license information so our customers can access it at the beginning, and also throughout, the development process. As a result, more projects can be considered for use during the code selection stage of development – enabling developers to make informed component choices, and allowing enterprises to build better software faster, confident from the start that they can meet the code’s license obligations for use. Suite 6.5 is an important part of our mission to help organizations harness the power of open source technologies and methods for faster innovation, greater creativity and improved efficiency.”
Black Duck Suite 6.5 is available now. For more information please visit: http://www.blackducksoftware.com/black-duck-suite.
View the infographic: http://www.blackducksoftware.com/resources/infographics/deep-license-data
About Black Duck Software
Offering award-winning software and consulting, Black Duck is the partner of choice for open source software adoption, governance and management. Enterprises of every size depend on Black Duck to harness the power of open source technologies and methods. As part of the greater OSS community, Black Duck connects developers to comprehensive OSS resources through Ohloh.net, and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck also hosts the Open Source Think Tank, an international event where thought leaders collaborate on the future of open source. Black Duck is headquartered near Boston and has offices in San Mateo, St. Louis, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information about how to leverage open source to deliver faster innovation, greater creativity and improved efficiency, visit www.blackducksoftware.com and follow us at @black_duck_sw.
Forecast: Enterprise IT Spending by Vertical Industry Market, Worldwide, 1Q13 Update, published: 18 April 2013, ID: G00249263