Scanning Open Source Software and Managing License Obligations on IBM SmartCloud
Because code travels
Webinar Agenda
- Protecode & IBM SmartCloud: company, IBM partnership, solutions
- Managing code obligations and other attributes: how it fits in a development lifecycle, methods and tools, hosted solution
- Demo
- Q/A
Contacts: Mahshad Koohgoli, koohgoli@protecode.com; Tiberius Forrester, tforrester@protecode.com
Protecode Corporate Summary
Overview: established in 2006; world-wide partner network
Products: real-time and on-demand software obligations management; hosted and on-premises solutions
Services: software audits, code portfolio comparison
Value: accelerates time to market and reduces development cost; reduces IP uncertainties, highlights security vulnerabilities and ensures compliance
Protecode Market
Global sales partners in: Germany, Scandinavia, France, Ireland, Israel, India (Bangalore), South Korea, Japan
Multiple market segments: Telecom, Semiconductors, Gaming, Mil/Aero, Academic & Research, IT Services, Health, Entertainment, ISVs, Embedded, Real Estate, Mobile
Global service partners in: North America, Germany, Japan, India
Testimonials
"Protecode's approach might actually encourage more pragmatic uses of open source." Vishwanath Venugopalan, 451 Group
"Protecode is trying to distinguish itself by focusing on analysis through the lens of broader IP policy support." Brian Prentice, Gartner
"Protecode is among only a few vendors capable of analyzing code through its use of source code signature databases." Jay Lyman, 451 Group
"New capabilities that simplify usage and reduce manual effort that help support compliance obligations make it easier for organizations to leverage open source code." Melinda Ballou, IDC
IBM Partnership History
2009: Certified for Rational; Protecode Developer Assistant™ (DA)
2010: Certified for Rational; Protecode Library Auditor™ (LA); ClearCase interworking
2011: Certified for Rational; Protecode Build Analyzer™ (BA); Rational Team Concert interworking
2012: Certified for IBM SmartCloud; ProtecodeCloud™ available as a standard image on IBM SmartCloud
IBM SmartCloud Partnership
- OSS scanning and license management as part of cloud-based development: define, design, code, test, scan and deploy without leaving the cloud
- ProtecodeCloud scanner available as a standard image: set up and go in minutes
- BYOL
- Training and support included in the solution
Integration and Standards Partners
Managing Code Obligations and Other Code Attributes
Code Complexity and Software BoM
IP ownership? Obligations? Quality?
Open Source Popularity on the Rise
- 99% of Global 2000 companies will incorporate open source into their operations by 2016 [Gartner, 2011].
- 50% of organizations surveyed have adopted open-source software (OSS) solutions as part of their IT strategy*.
- 33% of responding organizations have a formal OSS policy in place*.
- 79% of IT developers use open source in their development projects** [Forrester, 2010].
* Based on Gartner's survey of 547 IT leaders in 11 countries
** Forrester Research (Jeff Hammond, LinuxCon, Aug. 10, 2010)
Problem
- Open source usage is growing; the benefits are difficult to ignore
- Outsourcing software is common (software supply-chain management)
- Access to code is easy
- Good developers do not write code from scratch; code reuse is encouraged
- Contamination is unintentional, but common
Approaches to License Management
License management is most effective when applied early in the software development life cycle.
OSS Adoption Maturity Model
Stages, from least to most mature:
1. Manual search and code review
2. In-house tools
3. Automated scanning with a reference database
4. Integrated suite of tools within the SDLC
Manual approach: voluntary policy compliance with legal advice; small projects could be managed manually; time consuming and prone to error.
Automated tools: bring focus to policies and enforcement; help create a software inventory (or BoM); speed up the discovery stage; generate various reports.
The final decision to ship a product remains with the stakeholders (business and legal).
Open Source Software Adoption Process Best Practices Survey (OSSAP)
Protecode survey of 70 companies in North America and Europe, 2011
Protecode System 4™ (Enterprise or Cloud)
Inside the enterprise boundary, the Enterprise Server (core IP analysis engine) detects code pedigree and attributes and provides the management functions.
The IP Signatures Reference Database holds reference (open source) code signatures and source code.
Scanning and 3rd Party Code Detection
3rd party content identification (mostly open source) is based on:
- Keyword searches, semantic analysis, and file name/path analysis
- Information within the folder/project (e.g. readme.txt files)
- Signature lookups: the code structure is encoded in a one-way hash of 300-1000 bits; applies to binaries and source code
Reference database: 550k projects, 1.5M packages, 300M files, >100B lines of code
Code attributes: license, copyright, author, description, version, security vulnerability, export control, encryption property, date, target machine, dependencies, etc.
Protecode Product Solutions
- Detect third party content, including OSS projects, files or snippets, within a code portfolio
- Create a Bill of Materials (BoM) of all components
- Report on licenses, copyrights, security vulnerabilities, export control obligations and encryption content
- Automatically create a license list for distribution with the product
- Read and create Software Package Data Exchange (SPDX) files
- Create license obligation and license compatibility reports
- Intuitive user interface, on-line help, tooltips
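The two preceding slides describe how third party code is detected (keyword and path analysis plus a one-way structural signature looked up in a reference database) and what the product does with the result (a BoM reported as SPDX). The following Python program is an added illustration written for this page; it is not Protecode's code and does not reproduce its signature algorithm. The reference database, the scanned files, the project name "fastsum" and the 384-bit signature size are all constructed assumptions. It normalizes source to its token structure so that a renamed and re-commented copy still matches, looks the hash up in a tiny reference database, adds keyword and path evidence, and renders the BoM as a minimal SPDX 2.2 tag-value document.

```python
# Added example, not Protecode's code: a minimal third-party code detector that
# combines file name/path analysis, keyword searches in licence text and a
# structural one-way-hash signature lookup, then writes the BoM as SPDX
# tag-value. Reference database, scanned files and project names are constructed.
import hashlib
import re

KEYWORDS = {"if", "else", "for", "while", "return", "int", "char", "void",
            "unsigned", "const", "static", "struct", "sizeof", "break", "case"}
TOKEN_RE = re.compile(
    r'"(?:\\.|[^"\\])*"'   # string literal
    r"|'(?:\\.|[^'\\])*'"  # char literal
    r"|\d+(?:\.\d+)?"      # number
    r"|[A-Za-z_]\w*"       # identifier or keyword
    r"|\S"                 # any other single character (operator, brace, ...)
)

def normalize_structure(source: str) -> str:
    """Keep only the code's shape: comments dropped, identifiers and literals
    replaced by placeholders, keywords and punctuation kept. A renamed,
    re-indented or re-commented copy normalises to the same text."""
    source = re.sub(r"/\*.*?\*/", " ", source, flags=re.S)  # block comments
    source = re.sub(r"//[^\n]*", " ", source)                # line comments (simplified)
    out = []
    for tok in TOKEN_RE.findall(source):
        if tok[0] in "\"'":
            out.append("STR")
        elif tok[0].isdigit():
            out.append("NUM")
        elif tok in KEYWORDS or not (tok[0].isalpha() or tok[0] == "_"):
            out.append(tok)
        else:
            out.append("ID")
    return " ".join(out)

def structural_signature(source: str) -> str:
    """One-way hash of the normalised structure; 48-byte BLAKE2b gives a
    384-bit signature (an assumed size inside the 300-1000 bit range)."""
    return hashlib.blake2b(normalize_structure(source).encode(), digest_size=48).hexdigest()

# Constructed reference snippet standing in for a file of a third-party project.
REF_SNIPPET = """/* reference copy held by the database */
unsigned int rolling_sum(const unsigned char *buf, int len) {
    unsigned int a = 1, b = 0;
    for (int i = 0; i < len; i++) { a = (a + buf[i]) % 65521; b = (b + a) % 65521; }
    return (b << 16) | a;
}
"""
REFERENCE_DB = {structural_signature(REF_SNIPPET):
                {"name": "fastsum", "version": "1.2", "license": "Zlib"}}

# Keyword evidence: licence phrases mapped to SPDX identifiers (approximate).
LICENSE_PHRASES = [(r"Permission is hereby granted, free of charge", "MIT"),
                   (r"Apache License", "Apache-2.0")]
THIRD_PARTY_DIRS = {"third_party", "vendor", "external"}

def path_hint(path: str):
    """File name/path analysis: 'third_party/<pkg>/...' names the package."""
    parts = path.split("/")
    for i, part in enumerate(parts[:-2]):
        if part in THIRD_PARTY_DIRS:
            return parts[i + 1]
    return None

def scan(files: dict, refdb: dict) -> dict:
    """Return a BoM keyed by path: package, version, licence, copyright, evidence."""
    bom = {}
    for path, content in files.items():
        comp = {"package": None, "version": None, "license": "NOASSERTION",
                "copyright": "NOASSERTION", "evidence": []}
        hit = refdb.get(structural_signature(content))
        if hit:  # structural signature lookup
            comp.update(package=hit["name"], version=hit["version"], license=hit["license"])
            comp["evidence"].append("signature")
        for phrase, lic in LICENSE_PHRASES:  # keyword search
            if re.search(phrase, content, re.I):
                if comp["license"] == "NOASSERTION":
                    comp["license"] = lic
                comp["evidence"].append("keyword")
                break
        hint = path_hint(path)
        if hint:
            comp["package"] = comp["package"] or hint
            comp["evidence"].append("path")
        m = re.search(r"Copyright \(c\) [^\n]*", content)
        if m:
            comp["copyright"] = m.group(0).strip()
        bom[path] = comp
    return bom

def to_spdx(bom: dict, files: dict) -> str:
    """Minimal SPDX 2.2 tag-value rendering of the BoM (file-level entries only)."""
    lines = ["SPDXVersion: SPDX-2.2", "DataLicense: CC0-1.0",
             "SPDXID: SPDXRef-DOCUMENT", "DocumentName: scan-bom", ""]
    for n, path in enumerate(sorted(bom), 1):
        c = bom[path]
        cr = c["copyright"] if c["copyright"] == "NOASSERTION" else f"<text>{c['copyright']}</text>"
        note = f"evidence={','.join(c['evidence']) or 'none'}; package={c['package']}"
        lines += [f"FileName: ./{path}", f"SPDXID: SPDXRef-File-{n}",
                  f"FileChecksum: SHA1: {hashlib.sha1(files[path].encode()).hexdigest()}",
                  f"LicenseConcluded: {c['license']}", f"LicenseInfoInFile: {c['license']}",
                  f"FileCopyrightText: {cr}", f"FileComment: <text>{note}</text>", ""]
    return "\n".join(lines)

# Constructed scan input: a renamed copy of the reference, a vendored licence
# file, and an in-house file that should produce no third-party match.
SCANNED_FILES = {
    "src/util/checksum.c": """unsigned int adler_like(const unsigned char *data, int n) {
    unsigned int s1 = 1, s2 = 0;
    for (int k = 0; k < n; k++) { s1 = (s1 + data[k]) % 65521; s2 = (s2 + s1) % 65521; }
    return (s2 << 16) | s1;
}
""",
    "third_party/tinyjson/LICENSE.txt": "Copyright (c) 2011 Example Tinyjson Authors\n"
        "Permission is hereby granted, free of charge, to any person ...\n",
    "src/app/main.c": "int main(void) { return 0; }\n",
}

if __name__ == "__main__":
    print(to_spdx(scan(SCANNED_FILES, REFERENCE_DB), SCANNED_FILES))
```

Running the file prints the SPDX document: the renamed checksum routine is attributed to the reference package purely by its structural signature (no licence text or path hint is present), the vendored LICENSE.txt is classified by keyword and named by its path, and the in-house file stays at NOASSERTION. A production scanner would hash many overlapping windows per file rather than the whole file, so that snippets embedded in larger files are also found, and would keep the reference database at the scale the slide quotes.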
Accessing Protecode on IBM SmartCloud
Demo
Availability
- Available now; try it out: click, BYOL, transaction on the website
- Trial system: contact us and we'll give you a free 100-file credit
Contact: info@protecode.com
Q/A