Software Integrity Blog

Author Archive

Phil Odence

Phil is General Manager, Black Duck On-Demand. He works closely with Black Duck’s law firm partners and the open source community. A frequent speaker at industry events, Phil chairs the Linux Foundation's Software Package Data Exchange (SPDX) working group. With over 20 years’ software industry experience, Phil came to Black Duck from Empirix where he served as Vice President of Business Development and in other senior management positions, and was a pioneer in VoIP testing and monitoring. Prior to Empirix, Phil was a partner and ran consulting at High Performance Systems, a startup computer simulation modeling firm. He began his career with Teradyne's electronic design and test automation (EDA) software group in product, sales and marketing management roles. Phil has an AB in Engineering Science and an MS in System Simulation from the Thayer School of Engineering at Dartmouth College.


Posts by Phil Odence:

Know your code—and know your stuff!

An open source audit digs into a codebase to see what’s inside. Find out what our audit services team unearthed in the 1,200+ codebases we reviewed in 2018.

Posted in Open Source Security

Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.

Posted in General, Open Source Security, Webinars

The Apache Software Foundation can take a joke, but not when it comes to licensing

Usually, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source. What do they say about “joke licenses”?

Posted in General, Open Source Security

Celebrating freedom with free beer

America is unique (beyond being the only place on the planet not distracted by the World Cup). Amid heaps of controversy over our national identity, freedom remains central to the American culture and spirit. And so as we in the United States enjoy our hot dogs, beers, and fireworks on the Fourth of July, it is also a great time to celebrate the four freedoms of FOSS (free and open source software).

Posted in General, Open Source Security

Open source issues in an M&A target’s code: How do you know?

Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t guarantee a good answer, because most targets simply don’t know themselves. That’s why audits are frequently a component of M&A due diligence.

Posted in General, Open Source Security, Webinars

Black Duck On-Demand and Synopsys: Running the walk

Soon after Black Duck merged with Synopsys, I wrote about my initial impressions of the company, specifically as a home for the Black Duck On-Demand audit business. By way of update, in short, my initial, positive impressions hold. This is the right place for Black Duck and the audit business that so many in the industry have come to rely on.

Posted in Open Source Security

Enhanced legal tab in Black Duck On-Demand audit reports

If you have reviewed any Black Duck On-Demand audit reports recently, you may have noticed improvements in the legal tab and the way we report on findings. The new report format has received some very positive reviews, the theme being that it makes reported results more actionable.

Posted in General, Open Source Security

Black Duck by Synopsys: Being part of our kind of company

In the wake of selling Black Duck to Synopsys, it’s really interesting to work through all facets of integration. An energizing journey it is to learn a new company, something I have not experienced in nearly a decade. Soon after we announced, I explained to my dad some of my experiences interacting with the organization, and he was impressed. “That sounds like my kind of company,” he commented. And he was right. In his business career, he demonstrated as much integrity as anyone I know. And I am learning that Synopsys is the Larry Odence of tech companies — and just the right home for the Black Duck On-Demand open source audit business.

Posted in General, Open Source Security

Equifax reminds us: Open source audits are only a first step

The Equifax disaster underscores the importance of vigilance even after completing open source audits, particularly with respect to security vulnerabilities.

Posted in Data Breach, General, Open Source Security

Diving deep into wild and wacky open source licenses

Copyleft terms seemed pretty strange to many seasoned attorneys familiar with commercial software licenses when they first encountered the GPL, but it is far from the weirdest license out there. The GPL-2.0 remains the most popular license and the choice for millions of open source components available today, but there is a long, long tail of over 2700 licenses in the Black Duck KnowledgeBase — many of which are one-offs. While the GPL has come to be reasonably well-understood, a number of licenses on the lunatic fringe will surprise and perhaps amuse.

Between the blankety-blank license lines

Several unusual licenses flout the concept of a license altogether. Between the lines, they seem to say, “OK, we’ll play along, but we don’t need no $#(&@ing license.” A few of this class, in fact, employ similarly colorful language to make that point. Best known of these is the WTFPL, the license that says you can do what the F you want. It’s pretty clearly intended to be the most permissive license in the world. However, some companies, notably Google, find the grant of rights too vague and prohibit use of software under that license.

Posted in Open Source Security