Software // Operating Systems
07:20 PM

Proactive Management Required

Many development groups don't know what code sources they have.

Every business needs to focus on cutting costs, improving time to market, reducing risk, and increasing innovation. Open source software is a powerful tool to achieve these goals--as long as you manage its use. Unfortunately, many development groups don't know what code sources they have in their codebases, which opens the door to compliance and security issues.

With these risks in mind, Halliburton Landmark instituted manual processes to track code sources and identify open source within DecisionSpace, our core product for the oil and gas industry. However, the time and staffing resources needed to do this significantly hindered our development life cycle. Manual processes are also prone to human error. We needed an automated way to track baseline code sources that would let us more efficiently manage compliance, minimize error, and proactively use open source in development.

Luckily, there are a number of vendors that provide this kind of support, including Black Duck, OpenLogic, Palamida, and Protecode. We opted for Black Duck Suite, with its database that automatically scans code to check licenses. In addition to heading off potential IP and license issues, Black Duck lets us identify third-party encryption algorithms that require a filing with the Department of Commerce if the code is exported from the United States.

Black Duck has automated the process of tracking and scanning our code base, analyzing approximately 325 million lines of code in 12 months--a process that would have taken more than five years if done manually.

This approach is crucial for the Agile developing we do at Landmark. Automated scanning lets Agile teams identify licensing and compliance issues up front and correct them before they become embedded. Nothing slows the Agile process more than having to backtrack to solve a licensing problem. Programming teams at Landmark also use automated scanning to scan existing open source code for compliance and reuse.

Ralph Priester is director of intellectual capital, configuration management, and third-party compliance at Halliburton's Landmark Graphics.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of August 21, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.