Last year at this time, I was at Demo in Arizona watching a couple of my portfolio companies launch new products and networking with other VCs and entrepreneurs. Given my travel schedule of late, I decided to go to Linuxworld in Boston for a day and follow Demo from many of the bloggers like Jeff Nolan. It seems that the consensus view from Demo was that there were lots of interesting products but nothing that blew the audience away. I, too, can say the same about Linuxworld. After a few meetings in the morning, I decided to walk the expo hall to see the various offerings. I saw my fair share of companies that sold into the high performance computing (HPC) market with various clustered file servers, data replication, and workflow application software. I also saw a number of companies offering tools to better manage deployment and performance of Linux boxes. Then there were a few companies selling enterprise applications like document management platforms and antivirus and antispam software on Linux-not terribly exciting. Finally, there were various companies going after the desktop Linux market with operating systems and applications-while I found some of them intriguing, it is still quite early.
One area I did like was the market for software compliance. As we move to a componentized world where developers increasingly build in pieces of software from a variety of sources, how does a company know what they are using and from whom and more importantly what the licensing rights are for those components. 2 early stage companies going after this space are Palamida and Black Duck software. I had a chance to speak with one of the founders of Palamida, Theresa Bui Friday, and came away quite impressed. The Palamida software works like an antivirus scanner looking into code and checking against its compliance database to catalog your code base, identify whose components you are using, and then providing the user with the associated license and contact information. Increasingly IP compliance is becoming a big deal, especially when you talk to CIOs, and incorporating this type of automated scanner early in the development process can save customers a ton of headaches and potential dollars from law suits. I view this market as part and parcel with the source code scanning market. Increasingly, secure coding is being built into the QA process and companies are coming out with automated scanners to check for vulnerabilities before products go to GA. According to Reflective and NIST (full disclosure I am an advisory board member) it costs less than $0.10 to scan code early in the development process and up to $1,000 per line of code once a product is in GA.