What's In Your Code?

Twice today... Maybe my new year's resolution is working...

Just saw this blog entry from Dana Gardner, talking about IP ingredients. I have been wanting to say more on the subject, but I think that Dana described it better than I could. We made this announcement in december, and set up IPingredients.org at the same time. Our hope is that we can start a dialog on the point that transparency in software content is a good thing, whose time has come. Obviously we have a commercial interest, but the notion is broader than that. If you think this idea has merit - visit IPingredients, and lets discuss how to move forward.

What a terrific article in Network Computing on the "coming of age" of open source in the enterprise. I think the tone is one we'll see more of... ie the role of open source in enterprise computing is not in question...we're into the details of how to make it pay off. This is one worth reading.

Pretty strong words from an EC official in a speech yesterday. His point...that Europe is falling behind the rest of the world in terms of open source adoption and failing to capture the "...economic and social values". What should they do about it? One of the suggestions is to "reduce the uncertainty that people...have about the use of open source". I couldn't agree more...when you know whats in your code, the FUD (fear, uncertainty and doubt) factor goes down. That's why we do what we do at Palamida.

One of the things I noticed as I got deeper into the open source world was the proliferation of licenses. There are now some 60 licenses under which open source code is released. Even though the majority of projects use GPL or BSD licenses, there is still potential for confusion. So in checking, I found the OSI position on license proliferation. I was impressed by the thoughtful attempt to put the brakes on the number of new license types, but even more importantly, to state clear directions and principles. Good work. I hope it succeeds.

At a conference Wednesday sponsored by Open Bar, Open Source Risk Management Group, and Riseforth held in Santa Clara, Heather Meeker, a lawyer at Greenberg Traurig LLP, gave some practical advice on open source risk management. Some of her comments (courtesy of Theresa Bui Friday from Palamida who attended) are below...

...There are real commercial advantages for using open source software...(open source can be) more stable, more secure, quick to customize and lower cost of ownership

...open source licenses require interpretation...the industry context is important

...but more important than interpretation is provenance ie. where did this software come from

...finally, code audits should be an on-going process

So, no huge breakthrough here, but it does tie in with a few of the points that we think are important. First of all, software shouldn't attempt to make legal decisions. Thats why setting your 3rd party software policies requires the proper legal advice. Then let computers do what they are good at - laborious, repetitive tasks that  insure that you are operating with full knowlege of whats in your code. Also, that auditing for third party code should be be an on-going part of the software development process.

When I asked the question, “how should I start my blog?” the answer I got was “type something”. So here goes.

If you’re reading this, the chances are you found it via the web site for Palamida, a company I’ve just joined as CEO. I also suspect that you’ve had at least a few minutes to look at the site, and have some idea about what Palamida is about, so I’ll save that for a minute.

I’ve joined Palamida after 10 years at Sun (and a bit of R&R for the past few months). Before that I worked at MasPar, which was a massively parallel computer startup, and HP. During my time at Sun I did a number of things, including the Sun-Microsoft settlement (with lots of great help of course), iPlanet, where I was GM for the entire three  years before that was folded back into Sun, and GM of the consumer-embedded group where we built Java for portable devices. In the process I worked with lots of great people, who did amazing work on tight schedules and tight budgets.

And now Palamida.

I’m excited to be here. Palamida has a terrific set of founders - Jeff, Ray, and Theresa. They bring the invaluable experience of having done a startup together before. And the equally valuable experience of dealing with the exact issue that Palamida solves today, as developers in their prior company. The company has experience and insightful investors in Mitchell Kertzman from Hummer Winblad and Matt Miller from WaldenVC. You may know Mitchell from his days as CEO of Powersoft, Sybase and Network Computer, and Matt from Gupta.

And, it’s a new, interesting space. In fact, new enough that it doesn’t have a category. So here’s a list of possibilities…

• Software Integrity Management
• Intellectual property management and compliance
• Intellectual Property Integrity Software
• Compliance Automation Software

…and so on

Regardless of what you call it, it is a direct result of a sea change in how software is built. As little five years ago most software was built by developers who worked for the same company as you and to whom you could talk at lunch. Its very different today. The software in your product today could have hundreds of authors, some of whom you might know because you have lunch with them, many of whom you will never know. They may work for another company from whom you’ve licensed code, they may work for a contractor halfway around the world, or they may be contributors to an open-source project.

Open source may be free, but it’s not without responsibilities

All of these sources of software represent innovation and value. And a product built using multiple sources of innovation may well be finished sooner, at lower cost, and with higher quality. But no matter where the software came from, it came with license terms and conditions attached.

And thats the point...given the variety of sources from which software can be assembled today, it is important to know what's in your code and be sure that you are using it according to the license terms.

Is this about the IP police, or about the era of particpation?

I think it's about the era of participation. I think that transparency in code origin will be a big factor in reducing the uncertainty and raising the confidence level in terms of incorporating 3rd party code.  If you know what companies, and what communities were the sources of the software innovation that you are using, it becomes easier and more productive to participate with them.

Where I'd like to go with the blog

IP integrity is the term I think I'll use to describe what I'll be writing about. In the process, I hope to be able to persuade some of you to add your ideas and opinions. And,  maybe deliver a bit more clarity about the future of the way we think about and create the applications that change the way we all work and live.

So, lots more to come. Welcome... send me feedback and thoughts...