Black Duck announced today that it has created the Center for Open Source Research & Innovation (COSRI) as a way to give companies and researchers more information on the open-source ecosystem.
Open-source components now comprise more than 50% of the average application, according to Black Duck’s director of strategic communications Brian Carter. The company found that one of the biggest challenges of open-source software is visibility.
Carter said that open source is now in ubiquitous use, and companies like using it because it helps cut their costs and get to market faster. But in the process, people do not have anywhere near enough visibility into the open-source software they are using, and therefore have difficulty controlling, securing and managing their software, he said.
He said Black Duck realized that more information needs to be pushed out to the community regarding the lack of visibility companies have into their open-source software, which is one of the reasons the company developed COSRI. With the new center, Black Duck can publish data around vulnerabilities and other forms of innovative research like white papers and surveys.
With the research center, the company can also stay more in tune with its other research groups in both Vancouver, Canada, and Europe by having them work together to benefit the open-source community.
“[We can] deliver reports—not to scare people—but reports to show that there is so much more people need to learn and understand about the open source they are using,” said Carter.
COSRI will be based at Black Duck’s Massachusetts headquarters, but both its Canadian and European research groups will play major roles in this new project, the company said.
Black Duck Security Research (based in Europe) will analyze security issues and attack patterns in open-source software, while the Vancouver research group will conduct applied research in data mining, machine learning, natural language processing, and more.
The research teams’ work will be added to enhance the Black Duck Knowledge Base, a repository of open-source software. Black Duck’s Open Hub, an analytics and search service, will also become a part of COSRI.
Also, through COSRI, Black Duck will continue to issue periodic Open Source Security Audit reports highlighting the challenges organizations face in securing and managing their open-source components, according to the company.