Speed International Shipments. Understand Your Software Encryption.

Complying with import and export regulations governing cryptography in software applications can be a long and difficult process. It is complicated by the increasing use of mixed-origin code, especially if code origins and contents are inadequately documented. Code of uncertain origin can contain unidentified cryptography, yet most countries require special licensing for cryptographic code before allowing it to be exported.

It is your goal to ensure that cryptographic code components don’t jeopardize your software going to market. Your licenses must be in proper order to declare your encryption methods to cross-border government agents.

How can you most quickly ensure software complies with import and export regulations?

• Automate encryption identification. Manually finding encryption code can be complicated and time consuming, especially when the code is of third party or outsourced origin. Automating the process of finding and correctly identifying cryptography components saves time and reduces business risks such as lost revenue from prohibited shipments.

• Determine and enforce encryption policies. Most governments require software developers to have policies about encryption. In practice, implementing and enforcing such policies can be difficult, especially if this practice has been neglected in the past. Going forward, the simplest approach is to use an automated solution to quickly identify encryption code in your software base and with each new build cycle. This will allow software developers to implement appropriate policies without wasting time.

• Know what you need to deliver. Finding out what is legally required and then gathering all of the required technical information about your software cryptography can take an enormous amount of time and expensive expertise. Employing an automated process to help complete the documents your government demands will eliminate manual processes and reduces the risk of missed shipping deadlines.

Black Duck Software offers the world’s first and only solution specifically designed to facilitate encryption export compliance management for software and software-driven products. Companies worldwide depend on Black Duck solutions to analyze source code and identify cryptography within their code in order to more quickly and easily comply with government licensing and documentation requirements for distributing software internationally. Let us help you gain competitive advantage by bringing your software or software-enabled products to market without undue delay.

How can you find out more information?

• Learn how by using exportIP your organization can find, identify and resolve encryption issues in your software, to automate many aspects of Federal encryption compliance procedures.

• Uncover why you need to identify all of the encryption functions in your software – and the challenge that poses. Download the whitepaper, A Guide to Software Encryption Export Compliance.

• Ben Flowe, who leads the export/import compliance team at Berliner, Corcoran & Rowe, LLP in Washington, DC explains how to approach classification of products with encryption functions by applying the current Export Administration Regulations (EAR) provisions, from the least restrictive through the most restrictive controls. For more information, download the whitepaper, Software Encryption Export Considerations.