Software // Operating Systems
News
12/17/2009
07:20 PM
Connect Directly
RSS
E-Mail
50%
50%

Proactive Management Required

Many development groups don't know what code sources they have.

Every business needs to focus on cutting costs, improving time to market, reducing risk, and increasing innovation. Open source software is a powerful tool to achieve these goals--as long as you manage its use. Unfortunately, many development groups don't know what code sources they have in their codebases, which opens the door to compliance and security issues.

With these risks in mind, Halliburton Landmark instituted manual processes to track code sources and identify open source within DecisionSpace, our core product for the oil and gas industry. However, the time and staffing resources needed to do this significantly hindered our development life cycle. Manual processes are also prone to human error. We needed an automated way to track baseline code sources that would let us more efficiently manage compliance, minimize error, and proactively use open source in development.

Luckily, there are a number of vendors that provide this kind of support, including Black Duck, OpenLogic, Palamida, and Protecode. We opted for Black Duck Suite, with its database that automatically scans code to check licenses. In addition to heading off potential IP and license issues, Black Duck lets us identify third-party encryption algorithms that require a filing with the Department of Commerce if the code is exported from the United States.

Black Duck has automated the process of tracking and scanning our code base, analyzing approximately 325 million lines of code in 12 months--a process that would have taken more than five years if done manually.

This approach is crucial for the Agile developing we do at Landmark. Automated scanning lets Agile teams identify licensing and compliance issues up front and correct them before they become embedded. Nothing slows the Agile process more than having to backtrack to solve a licensing problem. Programming teams at Landmark also use automated scanning to scan existing open source code for compliance and reuse.

Ralph Priester is director of intellectual capital, configuration management, and third-party compliance at Halliburton's Landmark Graphics.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.