Start Date
20090310T00:00:00

End Date
20090311T00:00:00

Location
Palace Hotel - San Francisco, CA

OSBC: Open Source Business Conference

The 6th Year of the Open Source Business Conference will bring together senior business leaders, C-level technical strategists, lawyers and venture capitalists to collaborate on emerging business models, strategies and profitability for open source software use.

Palamida and Cigital Partner to Extend Application Security

Palamida and Cigital Partner to Extend Application Security for Open Source Further into the Software Development Lifecycle

SAN FRANCISCO, CA & DULLES, VA - October 29, 2008 -

Partnership Enables Customers to Identify, Assess and Remediate Security Vulnerabilities Due to Undocumented Open Source

SAN FRANCISCO, CA & DULLES, VA October 29, 2008 – Palamida, the leader in application security for open source, today announced a partnership with Cigital, the leading software security and quality consulting firm. Palamida and Cigital are teaming up to provide their customers with the broadest range of subject matter expertise – encompassing in-depth open source knowledge and application security best practices. The partnership helps organizations develop an accurate inventory of open source used and assess security implications, reducing the risk that vulnerabilities may be introduced into applications through undocumented code.

“Open source helps organizations deliver high-quality, more capable Web and software applications in less time, with fewer resources,” said Mark Tolliver, Palamida CEO. “But you cannot manage and secure what you do not know you have -- and open source components are often inserted inside applications without formal record of their use. Working with Cigital, we will help organizations expand their coverage to this important new area of application security.”

Cigital will use the Palamida Enterprise Edition software to identify the inventory of open source in use, report its location within the code base, and provide descriptions of the open source projects and vulnerabilities associated with them, including classification and severity ranking. Customers will also benefit from associated patch and remediation assessment, services and advice.

“In today’s world of 24/7 access, applications have become the new frontline of attack,” said John Wyatt, Cigital COO. “We are pleased to be working with Palamida to help organizations realize the importance of managing security issues surrounding their use of open source. Cigital and Palamida have the extensive experience to identify and remediate security vulnerabilities before they become data breaches…and before they become headlines.”

About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.

For more information visit: www.palamida.com.

About Cigital

Cigital, Inc., a leading software security and quality consulting firm, has enabled some of the most well-known organizations in financial services, communications, insurance, hospitality, e-commerce and government to reduce their mission-critical software business risks. Cigital consultants specialize in software security and quality solutions to help organizations protect some of their most valuable assets: company and mission information, customer and individual data, shareholder value and brand. Each client's unique requirements are served through a combination of proven methodologies, tools and best practices. Cigital assures the reliable delivery and deployment of software that organizations build, buy and integrate. Established in 1992, Cigital is headquartered near Washington, D.C. with offices in Boston, New York, Los Angeles and Delhi, India.

For more information visit: www.cigital.com.

IANS Security Forum

Start Date
20081202T08:00:00

End Date
20081203T17:00:00

Location
The San Francisco Marriott - San Francisco, CA

IANS Security Forum

IANS is a Boston-based research company that focuses exclusively on the fields of information security, regulatory compliance and IT Risk Management. IANS’ mission is to deliver technical and business insights that assist our clients in solving their most pressing problems.

IANS serves its clients through a unique “bottom-up” research methodology. The combination of our world-class Faculty and closed community of end-users drives IANS’ insights, curriculum and dialogues. IANS offerings include the Partner Program annual research membership, regionally-held Information Security Forums, peer-based Executive Roundtables, and a custom collection of Advisory Services.

IANS was founded in June of 2001 as the Institute for Applied Network Security. Inspired by the Harvard Business School experience of interactive discussions driving collective insights, IANS adapted that format to fit the needs of the information security professionals.

2008 Featured Topics

  • Application Security
  • Data Leakage
  • Compliance
  • eDiscovery
  • Endpoint Security
  • FDCC Compliance
  • Identity & Access Management
  • NAC
  • National Vulnerability Database
  • Risk Management
  • Security Content Automation Protocol
  • Security Information Management
  • Security Metrics
  • Threat Landscape
  • Virtualization Security
  • Final curriculum & schedule to follow

Palamida Names Andre M. Boisvert Chairman of the Board of Directors

SAN FRANCISCO, CA - September 30, 2008 -

Open Source Veteran to Lead Expansion of Partnerships and Business Development

San Francisco, CA, September 30, 2008 – Palamida, the leader in application security for open source, announced today that Andre M. Boisvert has been appointed Chairman of the Board of Directors. In addition to his role as Chairman, Boisvert, who has served as a Palamida board member for three years, will take an active role in business development for Palamida.

"This is a major step forward for Palamida," said Mark Tolliver, Palamida CEO. "Our business continues to accelerate as governments and industries around the world increase their usage of open source based solutions. This has expanded our partnership opportunities, and we are indeed fortunate to have one of the Industry’s most recognized and successful open source entrepreneurs add his expertise to our management team."

Boisvert began his technology career in 1976 when he joined IBM. During his 13 years at IBM, Boisvert held senior management positions in sales, marketing and R&D. After IBM, Boisvert held executive positions in some of the best respected software companies in the industry, such as Cognos, Oracle Corporation, where he was senior vice president of worldwide marketing and a member of Oracle’s management committee, and SAS Institute Inc., the largest privately held software company in the world, where he served as president and chief operating officer.

In 2002, Boisvert joined the board of directors of VA Software (NASDAQ: LNUX), the creator of SourceForge.net, the largest open source development site on the Internet, which enjoys more than 30 million unique visitors each month and hosts more than 160,000 registered open source projects. This led Boisvert to co-founding the industry’s first open source end-to-end business intelligence company, Pentaho Corporation. Today Boisvert is chairman of three other open source companies, each one a leader in its respective field: Compiere for enterprise resource planning; Infobright for data warehouse; and Zenoss for systems management.

"For years I have believed that the open source business model will significantly change the way that software is developed, distributed and supported. As open source becomes more pervasive, it is personally gratifying to witness customers benefiting from the disruptive nature of this model, in terms of higher code quality, tighter innovation cycles, exponentially better price-performance and no vendor lock in," stated Boisvert. "As organizations around the globe continue to ratchet up their use of open source, whether that be in the form of integrating various open source components into a solution or whether they leverage an already built open source application, these customers have a requirement to ensure application security by managing and protecting these open source assets. As such, I am delighted to be associated with Palamida, who is the leader in the area of providing software and services around this key requirement."

About Palamida, Inc.

Palamida delivers the industry’s first application security solution exclusively for open source software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Palamida solutions enable development organizations to cost-effectively manage and secure their mission critical applications and products.
Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others. For more information visit: www.palamida.com.

Wyse Technology, Magnum Semiconductor and Pentaho Select Palamida

Wyse Technology, Magnum Semiconductor, and Pentaho Select Palamida's Latest Enterprise Edition for Application Security for Open Source

NEW YORK, NY - September 16, 2008 -

Customers Benefit from Vulnerability Alerts and Broader Scope of Identification to Document and Assess Unidentified Open Source and Associated Security Risks

INTEROP, New York, NY, September 16, 2008 – Palamida, Inc., the leader in application security for open source, today announced that Wyse Technology, Magnum Semiconductor, and Pentaho have selected and deployed the latest version of Palamida’s Enterprise Edition software as part of their overall application security protection programs. By including Palamida in their software development lifecycles, the companies have taken an important step in identifying and documenting all code and content from open source projects that may lie hidden and undocumented inside mission critical applications. In focusing on the composition of their software, they reduce their risk of data breaches from unpatched security vulnerabilities and intellectual property infringements from unknown licenses.

"In the age of Web 2.0, with its extreme collaboration and mashup-style reuse, composition analysis will lower the risk that software components that enterprises use in their applications are insecure, or outdated, or not properly licensed," said Joseph Feiman, Vice President and Gartner Fellow, Gartner, Inc.

Wyse Technology, Magnum Semiconductor and Pentaho have adopted the latest released version of the Palamida Enterprise Edition to extend their management of open source into application security. “It was an easy decision to use Palamida,” said John Wunder, Director of Engineering for Magnum. “Magnum Semiconductor supplies superior products to some of the largest companies across the globe in professional broadcast infrastructure and consumer entertainment systems. We implemented the Palamida Enterprise Edition because it is the only solution that extends our application security strategy to minimize both the vulnerability and intellectual property risks in our use of open source software.”

Magnum Semiconductor previously relied primarily on representations and warranties in contracts and occasional manual code audits. With some of the world’s largest companies relying on their technology, Magnum Semiconductor needed a solution that could analyze the composition of software written in multiple languages, while complementing their existing software development lifecycle and minimizing the impact on product delivery.

James Dixon, Pentaho CTO said, “As the leader in open source business intelligence solutions, we know that customers expect us to deliver robust, scalable solutions. Our use of Palamida is an important element of that strategy and demonstrates our dedication to a secure, fully enterprise-ready open source product.”

The Palamida Enterprise Edition provides unprecedented visibility into software composition and helps stakeholders within engineering, security, and legal teams manage and secure their use of open source software. Key features include:

  • Online Vulnerability Updates: Email alerts are automatically sent as new vulnerability information is updated in the National Vulnerability Database (NVD) and the Palamida R&D lab. Consistent updates ensure immediate remediation to prevent serious issues.
  • Composition Markup: Enables organizations to annotate and tag all files and directories – from open source, proprietary, third-party commercial, and outsourced developers – creating a permanent record of software composition and minimizing the security gap arising from undocumented code.
  • Latest Palamida Data Library:
    - 6.1 terabytes in size
    - 1.14 million open source project versions
    - 9 billion source code fingerprints
    - 600 million binary files
    - 13 million Java namespace names
    - 29,000 open source releases with vulnerability alerts

“An aircraft manufacturer would never release a plane for which they did not carefully control the parts list – and, going forward, it is the same for mission-critical software applications,” said Mark Tolliver, Palamida CEO.
“Palamida’s solution is essential to building secure, high-quality applications, while capturing the benefits of an open source software strategy.”

About Magnum Semiconductor

Magnum Semiconductor is a leading provider of chips, software, and platforms for the professional broadcast infrastructure and consumer entertainment systems. Magnum provides the tools and technologies for producing, transmitting, recording, storing, managing, viewing, and exchanging audio and video throughout the home, and on the go. Magnum Semiconductor is headquartered in Milpitas, California, with sales and engineering offices in Canada, China, India, Japan, Korea, and Taiwan. Further information is available at www.magnumsemi.com.

About Pentaho

Pentaho Corporation is the commercial open source alternative for Business Intelligence (BI). Pentaho’s Open BI Suite provides comprehensive reporting, OLAP analysis, dashboards, data integration, data mining and a BI platform that have made it the world's leading and most widely-deployed open source BI suite. Pentaho's commercial open source business model eliminates software license fees, providing support, services, and product enhancements via an annual subscription. In the years since Pentaho's inception as the pioneer in commercial open source BI, Pentaho's products have been downloaded more than three million times, with production deployments at companies ranging from small organizations to The Global 2000. For more information, visit www.pentaho.com.

About Wyse Technology

Wyse Technology is the global leader in thin computing. Wyse and its partners deliver the hardware, infrastructure software, and services that comprise thin computing, allowing people to access the information they need using the applications they want, but with better security, manageability, and at a much lower total cost of ownership than a PC. Thin computing allows CIOs and senior IT professionals to reduce costs, manage risk, and deliver access to information. Wyse partners closely with industry leaders Microsoft, Citrix, VMware, and others to achieve this objective. Wyse is headquartered in San Jose, California, with offices worldwide. For more information, visit the Wyse website at www.wyse.com.

About Palamida, Inc.

Palamida delivers the industry’s first application security solution exclusively for open source software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Palamida solutions enable development organizations to cost-effectively manage and secure their mission critical applications and products.

Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others. For more information visit: www.palamida.com.

Open Health Tools Accepts Code Donation

Date
20080813T00:00:00

eHealth Europe: Open Health Tools Accepts Code Donation

Open Health Tools Accepts Major Code Donation From California HealthCare Foundation

CollabNet providing world-class development environment and Palamida securing against open source software vulnerabilities

OAKLAND, CA - August 11, 2008 -

Open Health Tools (OHT) today announced it has accepted a donation from the California HealthCare Foundation (CHCF) of key software components from a $10 million health information data exchange project. CHCF provided the open source-format software code to OHT, a community of information technology and health care participants, to help accelerate establishment of regional health information exchanges, a critical but often missing piece of the health care delivery system. Information about the Open Health Information Exchange project (openHIE) can be found at https://openhie.projects.openhealthtools.org.

CollabNet facilitated CHCF’s efforts and will support all future code donations to OHT. “We are providing a world-class development platform and online community services to enable OHT's members and distributed project teams to collaborate in an open and secure environment,” said Tony de la Lama, vice president of Corporate Strategy and Marketing at CollabNet. “The CollabNet platform is a perfect fit for the vision of a global Health Information Exchange System where health organizations anywhere in the world are able to collaborate, share code and jointly develop software and new technology standards.”

Palamida conducted software composition analysis on the California HealthCare Foundation code base and provided a complete inventory of all open source and third-party projects and versions in use for identification of known vulnerabilities and intellectual property ownership. “Open Health Tools is taking an important step towards expanding the use of open source in the health care market,” said Mark Tolliver, Palamida CEO. “We're proud to have been chosen by OHT to assure its community that its projects are enterprise-ready.”

According to a March 2006 commissioned study conducted by Forrester Consulting on behalf of CHCF: “Successful development of open source software for health care will require viable developer communities. Such communities, which share an interest in a particular type of software, are the engines that drive open source projects.”

CHCF originally supported development of the contributed software for the Santa Barbara County Care Data Exchange (SBCCDE), one of the nation’s first regional health information exchanges. The SBCCDE ceased operations in 2006, but it spurred the federal government’s adoption of a plan to establish regional health information organizations (RHIOs) throughout the United States. Jonah Frohlich, CHCF senior program officer, explained, “Our experience taught us that these exchanges can improve quality and access to vital clinical information when and where it is needed. With the potential for cost reduction, we hope that more clinics and practices in underserved communities take advantage of open source products.”

CollabNet lowers the barrier of entry for global organizations to collaborate, code share and co-develop software and technology standards. CollabNet’s secure environment and software development platform allows projects and project teams to ramp up in days rather than weeks.

About Open Health Tools

Open Health Tools is a collaborative effort between national health agencies, major healthcare providers, researchers, academics, international standards bodies and companies from Australia, Canada, the United States, the United Kingdom and Europe. Its goal is to develop common healthcare IT products and services and provide software tools and components that accelerate the implementation of electronic health information interoperability platforms, thus improving patient quality of care, safety and access to electronic health records (EHR).

About California HealthCare Foundation

The California HealthCare Foundation, based in Oakland, is an independent philanthropy committed to improving California’s health care delivery and financing system.

About CollabNet

With 1.3 million users, CollabNet leads the software industry towards a new era of collaborative software development. By connecting remote teams and integrating disparate development tools, the CollabNet platform simplifies distributed development, reduces infrastructure costs by up to 50%, and eliminates silos between isolated teams to speed innovation. CollabNet is the company behind Subversion, the world’s #1 version control and Software Configuration Management solution for distributed teams.

About Palamida

Palamida is the industry’s first application security solution exclusively for Open Source Software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities as well as intellectual property and compliance issues. Palamida solutions enable development organizations to cost-effectively manage and secure mission critical applications and products. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.

Media Contacts

Silvina Martinez, Communications Officer
California HealthCare Foundation
Tel: 510-587-3149
Email: smartinez@chcf.org

Tony de la Lama
CollabNet, Inc.
Tel: 650-228-2514
Email: tonyd@collab.net

Anthony Loredo
Horn Group, Inc. for CollabNet
Tel: 646-202-9770
Email: aloredo@horngroup.com

Erica Zeidenberg
Hot Tomato Marketing for Palamida
Tel: 925-631-0553
Email: aloredo@horngroup.com

Sterling Commerce Selects Palamida

SAN FRANCISCO, CA - June 2, 2008 -

Palamida, the industry’s first provider of application security for open source, today announced that Sterling Commerce, a subsidiary of AT&T Inc. (NYSE:T), has selected Palamida as its solution to manage and secure its use of open source software. By including Palamida solutions in the engineering lifecycle process, Sterling Commerce is taking an important step to reduce the business risks associated with undocumented code.

“We are extremely pleased that Sterling Commerce selected Palamida for managing their use of open source,” said Mark Tolliver, CEO of Palamida. “Adoption of open source software has exploded in recent years, and companies are recognizing the need to establish and efficiently manage policies for its use. By doing so, they capture the benefits, but limit the risks associated with its often undocumented inclusion in development projects. With Palamida, Sterling Commerce is now at the forefront of organizations addressing this issue."

Sterling Commerce has provided business process solutions to FORTUNE® 500 companies and the world’s largest banks for over 30 years. More than 30,000 customers worldwide use their solutions for business process integration, multi-channel selling, and supply chain fulfillment to improve profitability inside and outside their company walls. Headquartered in Columbus, Ohio, Sterling Commerce has offices in 19 countries and most major cities around the world.

“Sterling Commerce is committed to offering the highest quality software,” said Steve Aulds, SVP of Engineering. “Open source software can play an important role in delivering high quality software, however, it must be managed to protect our software assets and corporate reputation. Palamida, with its workflow, scanning and audit capabilities, takes open source management to a more efficient level, enabling Sterling Commerce to cost-effectively leverage the use of open source.”

The use of open source software has increased as companies take advantage of the time-to-market benefits of the community-driven development model. At the same time, the magnitude of this change requires new development strategies to ensure that the contents of mission-critical projects are documented, that known vulnerabilities are addressed, and that there is no risk of accidental infringement. This has led leading-edge development organizations, such as Sterling Commerce, to put systems in place to manage and secure their use of open source. As a result, more developers are enabled to use open source components, which leads to a more robust and responsive community.

Customer Name

Cigital

Body

Since 1992, Cigital has enabled some of the most well-known organizations in financial services, communications, insurance, hospitality, e-commerce and government to reduce their mission-critical software business risks. Cigital consultants specialize in software security to help organizations protect some of their most valuable assets: company and mission information, customer and individual data, shareholder value and brand. Each client's unique requirements are served through a combination of proven methodologies, tools and best practices. Cigital assures the reliable delivery and deployment of software that organizations build, buy and integrate. Cigital is headquartered near Washington, D.C. with offices in Boston, New York, Los Angeles and Delhi, India.

Customer Name

McAfee

Body

McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. It delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to browse and shop the Web securely. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities and continuously monitor and improve their security.