Palamida Joins Linux Foundation

Compliance and IP management vendor to collaborate on new Open Compliance Program

San Francisco - August 17, 2010 - The Linux Foundation, the nonprofit organization dedicated to accelerating the growth of Linux, today announced that Palamida has become its newest member. It will participate in The Linux Foundation’s new Open Compliance Program.

The Linux Foundation’s Open Compliance Program includes a set of tools, training curricula and a new self-administered assessment that will allow companies to ensure compliance in a cost-effective and efficient manner. It also includes a new data exchange standard so companies and their suppliers can easily report software information consistently. For more information, please visit: http://www.linuxfoundation.org/programs/legal/compliance.

Palamida has seen first-hand the increasing demand for compliance-related resources. In 2009, it experienced a 78 percent year-over-year increase in subscription bookings for its software-based security, compliance, and IP tools. With the explosion of open source software products in everything from consumer electronics devices to enterprise application stacks, it is more important than ever that IT managers and business executives are aware of what software exists in their enterprise.

“The blending of open source, proprietary and homegrown software has led to an increasingly complex IT environment, one in which compliance and security are top priorities,” said Mark Tolliver, CEO, Palamida. “We’re looking forward to collaborating with The Linux Foundation to help companies take advantage of all of today’s software options while navigating compliance and reducing costs.”

“Palamida’s expertise related to reducing costs with sound software compliance management will be a valuable addition to our Open Compliance Program,” said Amanda McPherson, vice president, marketing and developer programs, The Linux Foundation. “We’re looking forward to their contribution to help inform and advance our initiative for the benefit of the overall software industry.”

Palamida has a long history of helping companies navigate security, compliance and IP management issues. Founded in 2003, the company has worked with hundreds of companies to manage their “multi-source” software environments and ensure they can take advantage of open source, proprietary and third-party software.

The Linux Foundation’s membership is made up of thousands of individual and corporate members, as well as affiliates: http://www.linuxfoundation.org/about/members. The aggregate contributions from these members advance the operating system to compete in the enterprise and on next-generation computing devices.

About Palamida

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.

About the Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux. Founded in 2007, the Linux Foundation sponsors the work of Linux creator Linus Torvalds and is supported by leading Linux and open source companies and developers from around the world. The Linux Foundation promotes, protects and standardizes Linux by hosting important workgroups, events such as LinuxCon, and online resources such as Linux.com (http://www.linux.com). For more information, please visit www.linuxfoundation.org (http://www.linuxfoundation.org) or follow the organization on Twitter at http://www.twitter.com/linuxfoundation.

August 10, 2010
GPL Verdict

In a case filed by the Software Freedom Conservancy, the US District Court for the Southern District of New York issued a default judgment upholding the validity of the BusyBox GPL license and ordering Westinghouse Digital to pay triple damages for copyright infringement and to cease distribution of the offending product. The full text of the decision is here.


Palamida Helps SETI Institute Launch Open Source Initiative

New Initiative Seeks to Expand Worldwide Community of Developers and Citizen Scientists

- July 21, 2010 - The SETI Institute is a private, nonprofit organization dedicated to scientific research, education and public outreach with a mission "...to search for our beginnings and our place among the stars". Through their new initiative, setiQuest, individuals around the globe will be able to contribute their time and energy to assist with processing of the enormous amount of data that may contain a clue to the existence of extraterrestrial intelligence. As part of this new initiative, the SETI Institute will open source their data and analysis tools.

“In the future, we hope that a global army of open-source code developers, students and other experts in digital signal processing, as well as citizen scientists willing to lend their intelligence to our exploration, will have access to the same technology and join our quest”, said Jill Tarter, Director of the Center for SETI Research at the SETI Institute.

As part of the initiative, the SETI Institute reached out to Palamida for assistance with their plan to open source their analysis tools.

“Our tools have evolved throughout our 25 year history”, said Avinash Agrawal, Director of Open Innovation for the SETI Institute. “Before releasing them, it was important to us that we fully understand their composition, so that we can comply with any software license obligations, as well as provide as much information as possible to our development community about what software components make up our tools”.

Palamida scanned the source code of the SETI Institute tools and in essence created a software bill of materials that detailed all of the third-party software components (both open source and commercial) within each tool, as well as their licenses and obligations. An analysis of this type is quite common for software development organizations today, particularly in view of the large amount of open source software that is typically used in development projects.

“We’re pleased that we could play a role in the setiQuest initiative,” said Jeff Luszcz, founder and VP of Services for Palamida. “The fact that the SETI Institute took this step is an indication of their intent to build strong and transparent relationships with open source development communities.”

About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.

For more information visit: www.palamida.com.

About the SETI Institute:

The SETI Institute is a non-profit scientific organization dedicated to research, exploration, and education in the field of astrobiology. This unique team of world class scientists investigates the origin and nature of life on Earth and its possible existence throughout the universe.

Palamida Awarded Patent for Multi-Pattern Searching

Second Patent Award in 2010

- July 19, 2010 - Palamida, the industry leader in application security for open source, today announced that it has been granted a US patent for its algorithm for Massive Multi-Pattern Searching (No. 7,711,719). This award recognizes the specialized challenge of searching source code for elements that may have originated elsewhere.

Searching source code differs from searching the web because the goal is different, and that difference demands a multi-pattern approach. In a web search, the goal is to find sites that contain content defined by a relatively small number of words. In searching source code, the goal is to determine whether all or part of one program is contained in another. That is best done by breaking the programs up into a massive number of short search terms (source code fingerprints) and comparing the first program to multiple others to find matches between them. By analyzing the result, the technique can determine that the code being analyzed contains the open source program zlib, for example. Without a highly optimized way of creating and comparing the search terms, the processing time would be impractically long.

“We are committed to continuous innovation to improve our customers’ ability to more accurately manage and secure the software that they create – and we’re pleased that our work is creating valuable new techniques to do so”, said Mark Tolliver, CEO of Palamida.

This patent is the second awarded to Palamida during 2010. The first was for a technique to create a document similarity metric.

About Palamida

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.

For more information visit: www.palamida.com.

July 19, 2010
See Us At OSCON Booth #214

We are attending the OSCON conference in Portland this week. It’s been a couple of years since we did that and we are pleased to be back. If you are planning to attend, we would enjoy the opportunity to meet you – please find us in the exhibitor area.


Palamida Finishes 2009 with Record Results

Record Bookings and Profitability Highlight Successful 2009

- January 20, 2010 - Palamida, the leader in Application Security for Open Source, announced today that it completed 2009 with record bookings, and with strong growth, both year over year as well as sequentially. Full year 2009 subscription bookings grew 78% over 2008. Sequential growth was also strong with 34% growth from Q3 to Q4. Also during 2009, the company achieved profitability.

“Recognition of the benefits of software composition analysis increased substantially in 2009”, said Mark Tolliver, CEO of Palamida. “From game manufacturers to global financial firms, our customers are using open source software as an essential part of their development strategy, often with the result that well over half of their code comes from developers outside their organization. As a result, their ability to manage and secure their development, both from the standpoint of intellectual property and vulnerability, is increasingly important.”

Also during 2009:

• Palamida introduced Palamida Enterprise Edition 3.0, with a unique tagging and filtering feature that allows users to create a documented record of code content as part of the Palamida analysis.
• The company was awarded a patent for its work in specialized search algorithms that speed the analysis of document similarities.
• The Palamida Compliance library of OSS materials expanded to a total of over 10TB of open source materials and added coverage of the hardware description languages Verilog and VHDL.
• The Palamida PS team completed a record number of audit service engagements, including its largest to date – comprising the complete product portfolio of a multi-billion dollar company. Over forty individual audits were included in the overall project.
• The company relocated to new offices in San Francisco.

About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.

Palamida Awarded Patent for Document Similarity Metric

Award is the First Known to be Granted in the Composition Analysis Category

SAN FRANCISCO, CA. - August 26, 2009 -

Palamida, the leader in application security for open source, announced today that it has been granted a U.S. patent for “Determining a Document Similarity Metric.” The authors are Palamida founder Ray Walden and software engineer Jing Zhang. The award reflects the first known patent to emerge from the new application category termed Composition Analysis.

Composition Analysis focuses on software during its development cycle to identify various externally-sourced components incorporated into the software, and to flag any intellectual property and security vulnerability risks introduced by the use of these components. This application has taken on new significance over the past several years as development teams have turned to thousands of open source components available over the Web to speed development time and reduce costs.

The technological key to Composition Analysis is the ability to rapidly scan code under development and compare its contents to the large amount of known open source code. It is a specialized application of search technology in which each scan is comprised of a large number of search terms, each of which represents a small portion of the code being scanned.

Palamida’s patent covers the core of this specialized search, with new algorithms which compute a similarity metric based on coverage, count, clustering and uniqueness. As with any computerized search technique, the number of results matching the search criteria can be large, and the goal is to focus on those that are the most relevant to the search and to ignore those that are not. The Palamida feature that uses this technology, CodeRank, allows users to go directly to the most relevant results and ignore false positives. As a result of this patented technology, Palamida Enterprise Edition customers can spend less time analyzing results, and more time taking action to remediate any issues identified by the scan.

“We are very proud of the work that Ray and Jing did,” said Mark Tolliver, Palamida CEO. “With their contribution, we were able to set a solid foundation for our ongoing development work and establish Palamida as an innovator and leader in our market.”



About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.

For more information visit: www.palamida.com.

Palamida Expands Vulnerability Coverage To 94,475 Open Source Releases

Makes Keeping Current with Open Source Components Easier

SAN FRANCISCO, CA - August 20, 2009 -

Palamida, the leader in application security for open source, today released the latest version of its vulnerability database, which now includes alerts on 94,475 open source project releases with vulnerabilities, an increase of approximately 60,000 covered releases during 2009. While open source project teams are typically very prompt about finding and posting fixes to reported vulnerabilities, Palamida’s expanded coverage ensures that organizations can detect out-of-date versions of components in use, and upgrade as appropriate to eliminate known vulnerabilities.

Of the vulnerability alerts in the current release, 42% are ranked “high” in severity, 50% as “medium”, and 8% as “low”. Severity rankings are based on industry standards developed by the Forum of Incident Response and Security Teams (FIRST). Rankings take into account vulnerability conditions such as exploitability, confidence of the report, and potential damage to users. Analysis of the new database release once again indicates a high level of responsiveness by popular open source projects. In a sample of six such projects, fewer than 20% of the vulnerabilities are reported against newer versions, with the remainder reported against older versions. This result continues to show the benefits of identifying open source projects in use and maintaining them at the current version level.

Palamida’s vulnerability reporting is based on a patent-pending version detection engine within the Palamida Enterprise Edition product which detects exact project releases, purges false positives, and creates auto-generated reports. The result is a very efficient process which greatly reduces the time spent reviewing irrelevant matches manually.

“Open source projects are an exceptional development resource, with a strong track record for innovation and responsiveness to community feedback,” said Mark Tolliver, Palamida CEO. “But as with any development work, use of open source needs to be maintained and updated. Our vulnerability database is one way that development organizations can make broader and more effective use of open source”.



About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.

For more information visit: www.palamida.com.

Palamida Achieves “IBM Ready for Rational Software” Validation

Integration Promotes Preemptive Approach to Application Security for Open Source Code

SAN FRANCISCO, CA - February 3, 2009 -

Palamida, a leader in application security for open source, today announced its Palamida Enterprise Edition solution has received IBM’s “Ready for IBM Rational Software” validation. This solution will facilitate open source security checking earlier in the software development life cycle process.

Integration between Palamida Enterprise Edition and IBM Rational ClearCase enables automated code audits, the process of inventorying the open source software in use and alerting on security vulnerability issues, as part of the normal application build and release cycle. The integration helps ensure that security vulnerability and intellectual property issues are exposed early in the application development cycle when remediation is simpler and less costly.

Increased attacks against software and Web applications require securing the software supply chain for applications. Palamida has found that applications built in recent years typically contain 50 percent or more open source code, most of which is not being tracked. Organizations now need to ensure they understand the composition of their in-house applications including such aspects as what third-party code is in use, where it came from, and what vulnerabilities are associated with it. Organizations that are unaware of exactly what comprises their code base are open to data breaches, legal issues, and financial exposure.

“Open source is helping organizations deliver high-quality, more capable Web and software applications in less time, with fewer resources, but it is frequently used informally, without a clear approval or review process,” said Mark Tolliver, Palamida CEO. “The integration with IBM Rational ClearCase helps organizations take advantage of open source by broadening their use of it, while ensuring application integrity.”

Integration with IBM Rational ClearCase provides mutual customers the following benefits:

  • A new level of security functionality for increased return on investment in using IBM Rational tools and services.
  • Complementary application security solution to IBM’s existing security software such as IBM Rational AppScan, which enables scanning and testing of application source code. With the new integration, joint customers now have a solution for software composition analysis, which addresses open source vulnerabilities including those in binary form.
  • A reliable framework within the development cycle for security and IP stakeholders to collaborate in the approval, analysis, and remediation of security and IP issues utilizing alerts of violations against established policies, and maintain a record of the decisions for remediation.

IBM has been a leader in supporting and promoting open source software. An important aspect of pervasive open source use today is the management and security of it within mission critical applications. The Palamida Enterprise Edition enables organizations to create a comprehensive inventory of open source in use and then identifies issues of intellectual property violations and known and published security vulnerabilities. The software sends online vulnerability alerts as information is updated in the National Vulnerability Database and the Palamida R&D lab. It also enables organizations to annotate and tag all files and directories to create a permanent record of the software composition of applications, minimizing the security void arising from undocumented code. The latest 6.1 terabyte Palamida data library is also included along with 29,000 open source releases with vulnerability alerts.



About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.

For more information visit: www.palamida.com.

Palamida Finds Security Tops List of Concerns Inhibiting Broader Open Source Adoption

SAN FRANCISCO, CA - December 16, 2008 -

Company Highlights 25 Hot Open Source Projects that Organizations Can Use with Confidence Today

Palamida, the leader in application security for open source, today released the results of a new poll, finding that 75 percent of organizations expect their IT budget to decrease either moderately or significantly in 2009, but that only 45 percent view open source as a likely solution to the upcoming budget gap. While this result may seem surprising in light of today’s economic pressures, the fact that 50 percent of respondents cite security as the number one concern around additional open source adoption could indicate the cause.

The Palamida web poll was conducted between November 13 and November 21, 2008 and included 177 respondents in senior IT, engineering, and security positions. Survey requests were evenly distributed across financial services, insurance, technology, consumer goods and services, biotech/pharmaceutical, manufacturing, healthcare, energy and government. Response was concentrated in the financial and insurance sectors.

The poll also found a very positive perception of open source software functionality and quality, with 62.7% of organizations believing that open source software is either equal or almost equal to its commercial counterparts. This stood in contrast to the list of concerns, in which support costs and intellectual property risks joined security as the top three concerns around open source use.

“In challenging economic times, internal application development teams absolutely should be turning to open source to deliver higher quality software and Web applications with fewer resources,” said Mark Tolliver, Palamida CEO. “Open source use is flourishing inside of organizations, with applications built in the last five years, typically composed of 50 percent or more open source content. Our experience is that open source communities are typically very responsive to finding and fixing reported security problems – and that, coupled with a proactive process for open source management via composition analysis, should reduce security concerns.”

Palamida has compiled a list of 25 hot open source projects that organizations should be using today in order to trim their engineering budgets. With experience in auditing billions of lines of code for Fortune 100 as well as start-up companies, Palamida has seen some of the most productive and cost-saving use of open source from market leaders across all industries. The 25 open source projects, reviewed by Palamida, have proven to be among the most reliable, innovative, and enterprise-ready open source projects. The list includes the Web 2.0 enablers Prototype, script.aculo.us, Direct Web Remoting, Yahoo! User Interface, and jQuery, which can save organizations substantial time and money in development. For further details about these projects and the full list, please visit www.palamida.com/blog.



About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.

For more information visit: www.palamida.com.