Palamida Blog
Mark Views, News & Thinking From Mark & Team

Enterprise adoption of open source software is now more a question of 'how' than 'if.' Why has it taken off so rapidly?


Software is among the most valuable of all corporate assets. It is at the heart of competitive differentiation, and is often the primary value of many mergers and acquisitions. However, access to diverse code resources, combined with pressure to deliver product to market rapidly and cost-effectively, has given rise to the blending of homegrown, commercial and open source code. While using multiple resources for code speeds development and boosts innovation, it makes compliance, licensing and asset management more challenging than ever.

Whether a company is going through a merger or acquisition, conducting a software compliance audit or implementing corporate governance for compliance and development accountability, transparency into application source code is essential. Yet sorting through all the components of a single application can be time-consuming and error-prone. Compliance and risk mitigation require a comprehensive framework for assessing IP assets and meeting corporate IT policies.

Palamida launched in 2003 after the founders learned first-hand what happens when companies don't have full visibility into the code base of their software applications. Their experiences inspired them to create a solution for reliably preventing software asset mismanagement, and for streamlining the process of identifying, tracking and managing the mix of code that comprises today's software applications.

Palamida enables organizations to manage the growing complexity of multi-source development environments by answering the question, "What's in your code?" Through detailed analysis of the code base, customers gain critical insight into their code inventory, a critical component of quality control, risk mitigation and vulnerability assessment. Palamida was founded in 2003, offering market-leading solutions and services that allow organizations to safely and confidently leverage the power of open source in internal and external software development.

In a world of mixed code, the software supply chain has been broken and enterprises are unable to secure a 360-degree view of their software assets: what they have, where it came from, its IP implications, its security implications and its ROI within the product lifecycle. To that end, enterprises are seeking tools and services that will assist in three primary areas of software assurance management.

Mergers & Acquisitions: Gain quick, accurate insight into code during due diligence to ensure proper valuation, mitigate legal and business risks, and reduce costs of integration.

Corporate Governance: Ensure proper compliance with regulatory standards and guarantee development accountability.

Software Lifecycle Audit: Track third-party code to protect against potential vulnerability issues or to streamline change audit requirements.

The IP Amplifier offers a groundbreaking approach to managing corporate software assets. It consists of two key modules: the Compliance Library and the Detector. Drawing on the industry's largest and most comprehensive library of its type, IP Amplifier provides detailed information on over 750,000 commercial and open source projects, including license and copyright information. Both the Detector and Compliance Library modules rely on CodeRank and Auto-Inventory technologies. CodeRank combats false-positive identifications with an advanced logic that identifies and prioritizes code matches from terabytes of the most commonly used components on the market. Auto-Inventory automates the process of conducting IP analysis and confirmation, enabling companies to gain results immediately.

The IP Authorizer instills consistency and efficiency into the software supply chain. It simplifies the process of approving the use of third-party software via a web-based system that gives globally distributed developers, business managers and attorneys a common tool for reaching IP decisions.
It streamlines the review process by auto-processing new requests that have previously been approved or denied, provides system alerts for managing urgent requests, and provides an instant corporate dashboard of project activity and status.

M&A Audits: Get quick, accurate assessments of potential acquisitions and the value of the IP being purchased. Or, prove the value of your IP to enhance term sheet negotiation with potential buyers. Either way, an audit performed by Palamida provides credibility, confirms the value and can accelerate deal close.

Enterprise Audits: Ensure that you are complying with internal policies by discovering what you have and where you have it. You can also verify that any remediation has been completed.

QuickStart Services: Benefit from best-practice knowledge and audit training that get you up and running with your Palamida products.

Whether you're engaging in merger or acquisition activities, looking to meet IT governance requirements or attempting to eliminate risk during software development, Palamida's auditing services help eliminate the guesswork of software audits to deliver fast, accurate results. Our experienced professional services consultants will work closely with your technical, business and legal teams to manage, expedite and optimize your code audit.

Assessment: We help acquiring teams build a business case for potential acquisitions and develop early validation of M&A objectives. A Risk Profile Report summarizes the uniqueness of the acquired code, provides an inventory of the third-party code and its licenses, and identifies potential risks.

Evaluation: During evaluation, we compare the code base against your IP policies. The Evaluation phase includes a Due Diligence Forensic Report that provides details on the code pedigree and inventories third-party code.

Integration: Palamida verifies whether remediation is completed and offers recommendations for redevelopment alternatives, if needed.
The Integration audit helps decrease the time and cost associated with the integration plan.

Enterprise Audits are an essential part of IP governance and compliance. Knowing what's in your code is critical to enforcing IP policies and avoiding business and legal risks associated with the use of third-party code. Enterprise audits provide visibility into third-party code and licenses, so you can mitigate risk and ensure compliance with corporate licensing policies. Palamida provides a three-step process that involves code scan and detection using our patent-pending code detection software, IP Amplifier. The three steps are as follows:

Identification: Leveraging a repository of over 750,000 commercial and open source projects, we provide technical and legal information about your code base, giving you an IP Ingredients Report that inventories the third-party code and licenses in your code base. This report allows you to make informed decisions about the third-party code inside by seeing how it fits into your overall IT, legal and purchasing requirements.

Assessment: We assess your IP risks and analyze IP violations across your code base. Our compliance report identifies code vulnerabilities and details supporting evidence of code similarities. We also provide recommendations for open source and commercial alternatives for third-party code in question.

Accountability: We can help you manage and verify the completion of remediation work. We provide a final Baseline IP Ingredients Report that helps ensure ongoing governance of third-party code and licenses in your software.

Palamida software is built to fit easily into existing IT environments with a few simple scripting commands. Our Support team will work with you to ensure a successful implementation and an all-around positive experience.