
Proactive Management Required


Ralph Priester is director of intellectual capital, configuration management, and third-party compliance at Halliburton's Landmark Graphics.


Every business needs to focus on cutting costs, improving time to market, reducing risk, and increasing innovation. Open source software is a powerful tool for achieving these goals -- as long as you manage its use. Unfortunately, many development groups don't know what code sources are in their codebases, and that gap opens the door to compliance and security issues.

With these risks in mind, Halliburton Landmark instituted manual processes to track code sources and identify open source within DecisionSpace, our core product for the oil and gas industry. However, the time and staffing resources needed to do this significantly hindered our development life cycle. Manual processes are also prone to human error. We needed an automated way to track baseline code sources that would let us more efficiently manage compliance, minimize error, and proactively use open source in development. Luckily, there are a number of vendors that provide this kind of support, including Black Duck, OpenLogic, Palamida, and Protecode.

We opted for Black Duck Suite, with its database that automatically scans code to check licenses. In addition to heading off potential IP and license issues, Black Duck lets us identify third-party encryption algorithms that require a filing with the Department of Commerce if the code is exported from the United States.

Black Duck has automated the process of tracking and scanning our code base, analyzing approximately 325 million lines of code in 12 months -- a process that would have taken more than five years if done manually.

This approach is crucial for the Agile development we do at Landmark. Automated scanning lets Agile teams identify licensing and compliance issues up front and correct them before they become embedded. Nothing slows the Agile process more than having to backtrack to solve a licensing problem. Programming teams at Landmark also use automated scanning to check existing open source code for compliance and reuse.
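To make concrete what an automated code-source inventory does, here is an added example in Python. It is not Black Duck's tooling and not Landmark's code: it walks a source tree, records each file's declared license (an SPDX tag or one of a few assumed license phrases), and flags files that mention cryptographic primitives so they can be routed to an export-control review. The license phrases, crypto keyword list, file extensions, and the sample tree it builds are all assumptions constructed for this illustration.

```python
"""Added example: a minimal code-source inventory scanner (not Black Duck's code).

Walks a source tree, records each file's declared license, and flags files
that reference cryptographic primitives for export-control review.
"""
import os
import re
import tempfile
from collections import Counter

# SPDX short-form tag, e.g. "SPDX-License-Identifier: MIT"
SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-]+)")

# Assumed: a handful of recognisable license phrases mapped to short ids.
# A real scanner would match against a full license-text database.
LICENSE_PHRASES = {
    "GNU GENERAL PUBLIC LICENSE": "GPL",
    "Licensed under the Apache License, Version 2.0": "Apache-2.0",
    "Permission is hereby granted, free of charge": "MIT",
    "Redistribution and use in source and binary forms": "BSD",
}

# Assumed keyword list for flagging crypto-bearing files; illustrative only.
CRYPTO_RE = re.compile(r"\b(AES|RSA|SHA-?(?:1|256|512)|OpenSSL|Blowfish|DES)\b")

# Assumed set of source extensions worth inventorying.
SOURCE_EXT = {".c", ".h", ".cpp", ".java", ".py", ".js"}


def classify(text):
    """Return (license_id, has_crypto) for one file's contents."""
    m = SPDX_RE.search(text)
    if m:
        lic = m.group(1)
    else:
        lic = "UNKNOWN"  # no declaration found: needs human review
        for phrase, ident in LICENSE_PHRASES.items():
            if phrase in text:
                lic = ident
                break
    return lic, bool(CRYPTO_RE.search(text))


def scan_tree(root):
    """Inventory every source file under root as (relpath, license, crypto)."""
    inventory = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1] not in SOURCE_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read(64 * 1024)  # the header region is enough
            lic, crypto = classify(text)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            inventory.append((rel, lic, crypto))
    return sorted(inventory)


def summarize(inventory):
    """Per-license counts plus the two lists a compliance reviewer acts on."""
    return {
        "licenses": Counter(lic for _, lic, _ in inventory),
        "unknown": [p for p, lic, _ in inventory if lic == "UNKNOWN"],
        "crypto": [p for p, _, c in inventory if c],
    }


def build_sample_tree():
    """Write a constructed sample tree to a temp dir and return its root."""
    root = tempfile.mkdtemp(prefix="inventory-demo-")
    samples = {
        "util/hash.c": "// SPDX-License-Identifier: MIT\n// digest helper built on SHA-256\n",
        "vendor/Parse.java": '/* Licensed under the Apache License, Version 2.0 (the "License"); */\n',
        "lib/cipher.cpp": "// internal block cipher wrapper, AES-128 CBC mode\n",
        "docs/notes.txt": "not a source file; skipped by extension\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    report = summarize(scan_tree(build_sample_tree()))
    print("licenses:", dict(report["licenses"]))
    print("needs license review:", report["unknown"])
    print("needs export review:", report["crypto"])
```

The point of the summary is the two review queues: files with no recognisable license declaration, and files that touch cryptography. Running this on every commit is what turns a months-long manual audit into a check that fails fast, which is the benefit the article attributes to automated scanning.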
