Black Duck announces new encryption export compliance software

Software exporters have a new friend these days in Waltham, Massachusetts-based Black Duck Software. The software compliance management provider this week unveils its exportIP platform that helps companies comply with export restrictions on encryption algorithms. These restrictions, mainly targeted at rogue nations such as Cuba, Iran, North Korea, Sudan, and Syria, contain severe punishments when violated. In May, for instance, the Commerce Department’s Bureau of Industry and Security fined one company $165,000, and the bureau’s predecessor, the Bureau of Export Administration, is said to have fined a mobile equipment manufacturer $95,000 in 2002 to settle allegations of violating the rules.

exportIP joins a large suite of compliance software solutions offered by Black Duck. The technology, which includes role-based interfaces for compliance officers, identifies encryption algorithms within software code. Once located, developers confirm the identity of the algorithms and are asked to provide additional relevant information. Then export specialists are charged to coordinate a project review in light of the export restrictions, and are prompted to submit any required government paperwork.

The idea is to take the guesswork and luck out of the compliance process and put it straight into the hands of the employees best able to identify and the solve the problem. “Export encryption rules are a reality, and they are enforced. Building a way to manage and automate compliance throughout the application development lifecycle — and for all players involved in that lifecycle — is critical,” said Judith Hurwitz, president of Hurwitz & Associates.

Black Duck is privately held by Fidelity Ventures, Flagship Ventures, General Catalyst Partners, Intel Capital, Red Hat, and SAP Ventures. If these firms have confidence in Black Duck, then so do we.

-read more in this company news release