Matt Jacobs – Black Duck Software Inc.

Much of today’s technology is built on the back of open-source software. These lines of code, made available to the masses at no cost by their developers, can drastically reduce the time and cost of building new programs.

“Software developers today don’t write code from the ground up. They compile it by finding pieces of open-source code and piecing it together with internally created or other third party code to create what they need,” explains Matt Jacobs, general counsel at Black Duck Software Inc. (BDS).

As a company specializing in the secure use and management of open-source software, BDS serves a unique role in today’s technology industry. Headquartered in Burlington, Massachusetts, with offices around the world, BDS assists companies in the deployment of open-source software on two fronts: it sells software and performs audits to determine if the open-source software being used by companies can legally be licensed for commercial use, and it identifies and enables the remediation of any security vulnerabilities in the software itself.

“Open-source software comes under a number of different types of licenses; just because a software developer is letting you see the source code does not mean they are giving up their copyright,” says Jacobs. “Also, like any software, it’s susceptible to security vulnerabilities, so you need someone to be tracking what open-source software engineers are downloading and why, how and where they’re using it.”

Founded in 2003, BDS has risen to meet that need, offering software that acts as an automatic screening tool, sifting through more than 10 billion lines of code and 500,000 open-source projects to uncover any licensing and security liabilities that could end up costing a company down the road.

A growing interest in open-source liability

Jacobs plays a unique role at BDS. As general counsel, he oversees the worldwide legal affairs of BDS, including managing licensing and contract negotiation, managing the company’s intellectual property portfolio and advising senior management on day-to-day legal affairs. However, his unique background makes him much more valuable than the average in-house attorney.

Before joining BDS, Jacobs worked as an associate at Bernstein Shur in Portland, Maine, where he specialized in corporate and intellectual property law. Jacobs brought in a number of new technology clients while working at the firm, including one who was involved in the world of open-source software.

“This was 2007 or 2008 and I only had a passing understanding of open-source software, but as I got more interested I did a lot of research to get up to speed and found myself fascinated by the interplay of the business, engineering, legal and political dimensions of open source software,” he says. “I also saw that this was an area of law that was just getting ready to explode.”

During his time at Bernstein Shur, Jacobs was responsible for writing one of the firm’s client engagement newsletters and quickly set about using the platform as a way of educating clients on the potential pitfalls of open-source software. “A lot of my research was actually around what Black Duck was doing,” he says.

From that point on, Jacobs found himself continually bumping up against the name Black Duck. Shortly before he left the Maine firm, an industry friend reached out to Jacobs for consultation advice following a BDS audit of his company that unveiled a number of issues with the open-source software they had been using. “He said, ‘No one knows how to handle it or what it means, so why don’t you come help us out,’ and I signed up for a nine-month gig,” he says.

It was during that time that he noticed BDS was advertising for a new general counsel, a job he landed in short order.

“I got that job in large part because I was able to say I’ve been following open-source software, was familiar with Black Duck and presented myself as someone who fully understood how critical it was that we be able to communicate the Black Duck value proposition to the legal community,” Jacobs says.

BDS management soon decided to leverage Jacobs’ knowledge of open-source software and his professional background, deploying him as part of the company’s business development strategy. “They said, ‘Such a large part of our target audience is lawyers and they don’t want to hear from salespeople, so why don’t you go talk to them?’” says Jacobs.

Seven years into his role with BDS, Jacobs now spends a good portion of him time jetting around the world, drumming up interest in BDS products from Germany and London to Austria and India. “I do more business development, marketing and sales-type work than almost any other general counsel I’ve ever met,” he says.

“My lawyer friends are by and large very jealous of me because I get to spend so much time hopping around the globe. That part of the job really keeps things quite fluid and interesting,” says Jacobs.

A vital business tool

BDS offers a range of products and services to those trying to limit their liability around the use of open-source software, allowing users to analyze software, search for reusable code, manage open source and third-party approval, comply with legal obligations and monitor the risk for any potential security vulnerabilities.

The company’s product range includes the Black Duck Hub, which automatically scans applications to discover open source code and the applications used to build it, mapping vulnerabilities, monitoring and reporting security threats.

Black Duck Protex enables users to automatically scan, identify and inventory open source software while Black Duck Code Center automates the process of finding, requesting approval for and licensing of code, while also tracking potential security threats.

The company has partnerships with a number of the open-source community’s leading organizations, including Red Hat, GENIVI and Linux Foundation.

Black Duck’s products are often used during the corporate mergers and acquisitions process in which one company might run a scan on the target’s code base to determine if the target company owns what it says it owns. “95 percent of the time we find open-source software that the target company had no idea they were using,” says Jacobs.

Jacobs points to the recent release of the so-called “Panama Papers” as an example of the vulnerability that open-source software can expose. The massive data leak, which exposed detailed information about more than 214,000 offshore companies listed by the Panamanian law firm and corporate service provider Mossack Fonseca, is now thought to be related to that law firm’s use of Drupal, a popular open-source data management program that had not been properly updated in the last three years, leading to 25 security vulnerabilities. “Law firms are not web designers, but they still have the obligation to stay on top of security,” Jacobs says.

When he’s not jetting around the world promoting BDS’s products and services, Jacobs can be found exploring the outdoors as an avid skier, cyclist and surfer or spending time with his wife and children.

With a unique skill set, genuine interest in his specialized field and a product that will only become more relevant as the technology market continues to grow and evolve, Matt Jacobs, general counsel at Black Duck Software Inc., will continue to assist the company in its mission to protect users from the liabilities that can come with the use of open-source software.