momius - Fotolia

Wick Hill takes on open source security player Black Duck

Wick Hill has been signed up by open source security player Black Duck as the distributor establishes a division to grow its pan-EMEA footprint

The demand for open source is increasing and becoming more of an option that enterprise customers are more comfortable taking.

Most of the debate about open source has concentrated on whether or not the software can provide the same experience as the established alternatives.

What might not always have been top of mind is the security implications and what might lie lurking in the code that has made up the open source application.

Kevin Bland, director of channels and alliances at Black Duck, said that developers often used existing code to speed up the process of bringing an app to fruition and there could be vulnerabilities incorporated into the fresh application.

The firm specialises in scanning code searching for the contents and finding out what licenses are needed and where security vulnerabilities have been discovered.

"A large percentage of any code, around 38%, comes from open source and the number of applications that will be made up of open source code is going to increase over the next few years," he said.

One of the other problems that comes from copying and pasting code into an application is that when ti comes to launch and vulnerabilities are found it can be expensive to remedy.

"If you wait until launch then it can cost $25,000 per problem to remedy it but if you identify vulnerabilities during the development stage it is about $25 per vulnerability," he added.

Black Duck launched a partner programme earlier this summer with the aim of bringing on board more security specialists.

The next stage in its channel story is to bring on board a distributor that has a strong track record in the security space.

Ian Kilpatrick, chairman of the Wick Hill Group, which has signed up Black Duck, said that open source had climbed up the agenda but developers had to be aware of how using unauthorised code could leave them exposed to risks.

He said that there was a need for the channel to deliver education to the market about just what the consequences of using open source software could be.

The Black Duck deal marks the first vendor signing for the Wick Hill Select division, which is designed to help it gain more of a pan-EMEA footprint.

“We’ve established Wick Hill Select to work with vendors who want to grow rapidly in EMEA and who are looking for a distributor who can offer market support and high value-added services across the EMEA region," said Kilpatrick.

"The challenge that many such vendors face is inconsistent delivery from distributors across different territories. We aim to provide a common proposition and consistent delivery across a pan-EMEA footprint," he added.

Read more on Open Source Software Services