Software Integrity Blog

Author Archive

Phil Odence

Phil is General Manager, Black Duck On-Demand. He works closely with Black Duck’s law firm partners and the open source community. A frequent speaker at industry events, Phil chairs the Linux Foundation's Software Package Data Exchange (SPDX) working group. With over 20 years’ software industry experience, Phil came to Black Duck from Empirix where he served as Vice President of Business Development and in other senior management positions, and was a pioneer in VoIP testing and monitoring. Prior to Empirix, Phil was a partner and ran consulting at High Performance Systems, a startup computer simulation modeling firm. He began his career with Teradyne's electronic design and test automation (EDA) software group in product, sales and marketing management roles. Phil has an AB in Engineering Science and an MS in System Simulation from the Thayer School of Engineering at Dartmouth College.


Posts by Phil Odence:

Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.

Posted in General, Open Source Security, Webinars

The Apache Software Foundation can take a joke, but not when it comes to licensing

The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their open discussions are useful to monitor if you want to keep tabs […]

Posted in General, Open Source Security

Celebrating freedom with free beer

America is unique (beyond being the only place on the planet not distracted by the World Cup). Amid heaps of controversy over our national identity, freedom remains central to the American culture and spirit. And so as we in the United States enjoy our hot dogs, beers, and fireworks on the Fourth of July, it […]

Posted in General, Open Source Security

Open source issues in an M&A target’s code: How do you know?

Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t […]

Posted in General, Open Source Security, Webinars

Black Duck On-Demand and Synopsys: Running the walk

Soon after Black Duck merged with Synopsys, I wrote about my initial impressions of the company, specifically as a home for the Black Duck On-Demand audit business. By way of update, in short, my initial, positive impressions hold. This is the right place for Black Duck and the audit business that so many in the […]

Posted in Open Source Security

Enhanced legal tab in Black Duck On-Demand audit reports

If you have reviewed any Black Duck On-Demand audit reports recently, you may have noticed improvements in the legal tab and the way we report on findings. The new report format has received some very positive reviews, the theme being that it makes reported results more actionable.

Posted in General, Open Source Security

Black Duck by Synopsys: Being part of our kind of company

In the wake of selling Black Duck to Synopsys, it’s really interesting to work through all facets of integration. An energizing journey it is to learn a new company, something I have not experienced in nearly a decade. Soon after we announced, I explained to my dad some of my experiences interacting with the organization, and […]

Posted in General, Open Source Security

Equifax reminds us: Open source audits are only a first step

The Equifax disaster underscores the importance of vigilance even after completing open source audits, particularly with respect to security vulnerabilities. Much has been written about the recent breach. Here’s a good overview. In a nutshell, germane to this discussion, the exploited vulnerability was in a popular open source component, Apache Struts, that was made public […]

Posted in Data Breach, General, Open Source Security

Diving deep into wild and wacky open source licenses

Copyleft terms seemed pretty strange to many seasoned attorneys familiar with commercial software licenses when they first encountered the GPL, but it is far from the weirdest license out there. The GPL-2.0 remains the most popular license and the choice for millions of open source components available today, but there is a long, long tail […]

Posted in Open Source Security

The quietly accelerating adoption of the AGPL

The AGPL (Affero General Public License) has continued to gain in popularity and is showing up frequently in modern code bases. My blog Are SaaS Companies Immune to Open Source Risk? mentioned a key concern for SaaS or Cloud companies, a class of open source licenses that includes the Affero GPL designed to plug the SaaS loophole. […]

Posted in General, Open Source Security