Talking with Mahshad Koohgoli, CEO, Protecode

By: Richard “Zippy” Grigonis

Protecode (News - Alert)’s (www.protecode.com) unique products examine a software developer’s project and automatically detect, log, identify and do pedigree-tagging of software content, then they report on associated intellectual property and licensing attributes and compliance against an organization’s policies, thus establishing intellectual property ownership and creating a software Bill of Materials (BoM). Cisco (News - Alert) could sure have used Protecode’s technology prior to the discovery that some open source code had crept into some of their products’ Linux-based software, thus triggering a lawsuit filed by the Free Software Foundation (FSF). Yours Truly recently sat down to discuss the situation with Protocode’s CEO, Dr. Mahshad Koohgoli (News - Alert), a serial entrepreneur whose current mission is to bring safe software development practices to the tech world.

RG: You have two principal products that can analyze software?

MK: We have products and services that analyze an enterprise’s software ‘portfolio’ of product code, and we can detect open source and other third-party software that has gone into that portfolio, library, or product. We automatically identify the licensing and copyright obligations for various stretches of code and check them against the policies that an organization has established. If we see a violation, we flag it. Basically, we get involved during any transaction where the is ownership of intellectual property must be established, whether you’re trying to license your product, or sell it, when you have to provide IP indemnity ‘background checks’, or are trying to co-develop something with a partner, or if a merger and acquisition is occurring with your company and everything is being vetted. So, any time you want to exactly know what code you have in your product or organization, and any obligations associated with it, we have solutions that provide such capability. These can work either in real time as you’re developing the program and are bringing in bits and pieces of code, or they can be run in a broad analysis mode, examining what you’ve already developed, or what you have in your library of useful subroutines. We then generate a detailed report.

RG: You have an interesting bulk analyzer that can methodically examine everything.

MK: Yes, our Enterprise IP Analyzer is a software application that you run and point to a directory, or part of the repository of code that you want to analyze. Our app goes through every file there and it tries to find out any similarity between a file and any open source code available in the public domain, or any proprietary code that can be identified from the signatures in our database. The Analyzer looks for the signatures and generates a report of all the open source projects detected and all of the licensing associated with whatever code you have in that directory. You can specify that you don’t want any code in your project having GPL [GNU General Public License] licensing obligations, for example, and our solution flags anything originally done under GPL. That’s our bulk analyzer.

RG: And what about real-time analysis?

MK: As I said, we also offer a real-time analyzer, called IP Assistant. It’s an Eclipse plug-in on the development platform that sits in the background. As developers work on their software, they may bring in a piece of code that’s a cut-and-paste from something on the web, or from another file somebody has carried in on a USB memory stick, or somebody’s library of routines on a CD. In any case, the IP Assistant runs unobtrusively in the background while the developer works away, and any time it ‘sees’ an external content entering the programming workspace, it springs into action. First it logs it as, say, a C file that came from location X and it went into this file at a certain time under the auspices of a certain person. Then it analyzes the code and attempts to identify the nature of the content via a number of techniques. We consult databases of code signatures we’ve accumulated over the years. We probably have a signature of every example of open source in our database, as well as those for much commercial proprietary code. Our program looks for ‘footprints’ in the file such as ‘Copyright by’ and it will look at the URL from which it came and try to glean something from that. Any information the program discovers is also logged in real time. We then check it against the policies that the project manager or administrator has established.

So with our products, developers know exactly what they have in their organization and in a particular software project in terms of the intellectual property attributes of all the code. IT

Richard Grigonis (News - Alert) is Executive Editor of TMC’s IP Communications Group.

» Internet Telephony Magazine Table of Contents