Black Duck Software, the leading global provider of products and services for accelerating application development through the managed use of open source software, today announced it has acquired the assets of privately-held SpikeSource, a provider of software tools and services to automate application component identification and assess security vulnerability. Terms of the deal were not disclosed.

The acquisition, Black Duck’s third and its second in three months, follows closely on the heels of the acquisition of, the largest free public directory of open source software and a vibrant web community of software developers and Free and Open Source (FOSS) users. Both acquisitions reflect Black Duck’s accelerating growth trajectory – the company is currently growing 58% year-over-year in FY 2010 – and also further Black Duck’s mission to promote FOSS adoption by making it easier for developers to take advantage of the growing body of high-quality code in FOSS projects.

Among the technologies acquired are SpikeInsight, a cloud-based offering for automated application component identification and security vulnerability assessment; SpikeForge, a forge comprised of 17 open source projects; the Developer Community Forum, a group of forums associated with SpikeSource OSS projects; virtualization management technology, and a number of other software assets.

Black Duck’s Ohloh site is language and forge-neutral, and the company will work with SpikeForge project managers to migrate FOSS projects currently hosted on SpikeForge, such as the extremely popular testgen4web testing tool, to independent forges.

“Our growth enables us to make acquisitions that increase the value of our offerings to our customers, while benefitting the FOSS community by making it easier for developers to find and use open source,” said Tim Yeaton, CEO and President, Black Duck Software. “Both the SpikeSource and Ohloh acquisitions continue our transformation from compliance tool provider to full life-cycle open source enabler, community participant and FOSS advocate.”

Black Duck will use technology from the acquisition to complement the Black Duck Suite, an advanced enterprise-class solution to the management, compliance and security challenges associated with FOSS use, at scale, in enterprise application development. SpikeSource’s Solution Analyzer helps developers understand what’s in an application through binary scanning and connects to SpikeInsight, a cloud-based service providing guidance on compliance, compatibility and remediation issues.

“SpikeSource is a tremendous set of technologies and a natural fit with Black Duck Software,” said Ray Lane, Managing Partner, Kleiner Perkins Caufield & Byers, and a member of the SpikeSource Board of Directors. “SpikeSource’s technologies complement those of Black Duck, and together create a compelling range of capabilities to help manage the use of open source software by development organizations.”

“We see demand for open source growing geometrically with the pressures of a volatile economy and highly constrained IT resources,” said Melinda Ballou, Program Director for Application Lifecycle Management Service at International Data Corp. “This SpikeSource acquisition augments Black Duck’s strong existing capabilities for open source management as organizations must increasingly be able to find, access and manage OSS securely. The combined products resulting from this – in addition to and the company’s prior portfolio — enable a highly differentiated open source offering for Black Duck.”

Specifics regarding Black Duck’s strategy for SpikeSource technologies will be communicated as part of the rollout of the Ohloh initiative and enhanced website.
For more information on this acquisition, please visit

For more information about Black Duck, please visit