False positive problem with Black Duck
I wrote a system from scratch in order to comply with DO-178 (i.e. high-level requirements were written from the completed and reviewed system requirements; low-level requirements were written from the completed and reviewed high-level requirements; and source code from the completed and reviewed low-level requirements) so that everything was fully traceable. Even with this level of proof that everything was written from scratch, our lords and masters insisted that we had Black Duck audit our code. They claimed that we had hundreds of license violations from copied open source code. Manglement won't we wasting their money again!