Palamida Finishes 2009 with Record Results
Record Bookings and Profitability Highlight Successful 2009
- January 20, 2010 - Palamida, the leader in Application Security for Open Source, announced today that it completed 2009 with record bookings and with strong growth, both year over year and sequentially. Full year 2009 subscription bookings grew 78% over 2008. Sequential growth was also strong with 34% growth from Q3 to Q4. Also during 2009, the company achieved profitability.
“Recognition of the benefits of software composition analysis increased substantially in 2009,” said Mark Tolliver, CEO of Palamida. “From game manufacturers to global financial firms, our customers are using open source software as an essential part of their development strategy, often with the result that well over half of their code comes from developers outside their organization. As a result, their ability to manage and secure their development, both from the standpoint of intellectual property and vulnerability, is increasingly important.”
Also during 2009:
• Palamida introduced Palamida Enterprise Edition 3.0, with a unique tagging and filtering feature that allows users to create a documented record of code content as part of the Palamida analysis.
• The company was awarded a patent for its work in specialized search algorithms that speed the analysis of document similarities.
• The Palamida Compliance library of OSS materials expanded to a total of over 10TB of open source materials and added coverage of the hardware description languages Verilog and VHDL.
• The Palamida PS team completed a record number of audit service engagements including its largest to date – comprising the complete product portfolio of a multi-billion dollar company. Over forty individual audits were included in the overall project.
• The company relocated to new offices in San Francisco.
About Palamida, Inc.
Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications.
Google has introduced the Nexus One and no matter what you think of the current hardware (HTC) and software (Android 2.1), the ground around the mobile business is starting to shake. The reason? The combination of unlocked service and open source software.
Palamida Awarded Patent for Document Similarity Metric
Award is the First Known to be Granted in the Composition Analysis Category
SAN FRANCISCO, CA. - August 26, 2009 - Palamida, the leader in application security for open source, announced today that it has been granted a U.S. patent for “Determining a Document Similarity Metric.” The authors are Palamida founder Ray Walden and software engineer Jing Zhang. The award reflects the first known patent to emerge from the new application category termed Composition Analysis. Composition Analysis focuses on software during its development cycle to identify various externally-sourced components incorporated into the software, and to flag any intellectual property and security vulnerability risks introduced by the use of these components. This application has taken on new significance over the past several years as development teams have turned to thousands of open source components available over the Web to speed development time and reduce costs.
The technological key to Composition Analysis is the ability to rapidly scan code under development and compare its contents to the large amount of known open source code. It is a specialized application of search technology in which each scan is comprised of a large number of search terms, each of which represents a small portion of the code being scanned. Palamida’s patent covers the core of this specialized search, with new algorithms which compute a similarity metric based on coverage, count, clustering and uniqueness.
As with any computerized search technique, the number of results matching the search criteria can be large, and the goal is to focus on those that are the most relevant to the search and to ignore those that are not. The Palamida feature that uses this technology, CodeRank, allows users to go directly to the most relevant results and ignore false positives. As a result of this patented technology, Palamida Enterprise Edition customers can spend less time analyzing results, and more time taking action to remediate any issues identified by the scan.
“We are very proud of the work that Ray and Jing did,” said Mark Tolliver, Palamida CEO. “With their contribution, we were able to set a solid foundation for our ongoing development work and establish Palamida as an innovator and leader in our market.”
For more information visit: www.palamida.com.
Palamida Expands Vulnerability Coverage To 94,475 Open Source Releases
Makes Keeping Current with Open Source Components Easier
SAN FRANCISCO, CA - August 20, 2009 - Palamida, the leader in application security for open source, today released the latest version of its vulnerability database, which now includes alerts on 94,475 open source project releases with vulnerabilities, an increase of approximately 60,000 covered releases during 2009. While open source project teams are typically very prompt about finding and posting fixes to reported vulnerabilities, Palamida’s expanded coverage ensures that organizations can detect out-of-date versions of components in use, and upgrade as appropriate to eliminate known vulnerabilities.
Of the vulnerability alerts in the current release, 42% are ranked “high” in severity, 50% as “medium”, and 8% as “low”. Severity rankings are based on industry standards developed by the Forum of Incident Response and Security Teams (FIRST). Rankings take into account vulnerability conditions such as exploitability, confidence of the report, and potential damage to users.
Analysis of the new database release once again indicates a high level of responsiveness by popular open source projects. In a sample of six such projects, fewer than 20% of the vulnerabilities are reported against newer versions, with the remainder reported against older versions. This result continues to show the benefits of identifying open source projects in use and maintaining them at the current version level.
Palamida’s vulnerability reporting is based on a patent-pending version detection engine within the Palamida Enterprise Edition product which detects exact project releases, purges false positives, and creates auto-generated reports. The result is a very efficient process which greatly reduces the time spent reviewing irrelevant matches manually.
“Open source projects are an exceptional development resource, with a strong track record for innovation and responsiveness to community feedback,” said Mark Tolliver, Palamida CEO. “But as with any development work, use of open source needs to be maintained and updated. Our vulnerability database is one way that development organizations can make broader and more effective use of open source.”
Palamida Achieves “IBM Ready for Rational Software” Validation
Integration Promotes Preemptive Approach to Application Security for Open Source Code
SAN FRANCISCO, CA - February 3, 2009 - Palamida, a leader in application security for open source, today announced its Palamida Enterprise Edition solution has received IBM’s “Ready for IBM Rational Software” validation. This solution will facilitate open source security checking earlier in the software development life cycle process. Integration between Palamida Enterprise Edition and IBM Rational ClearCase enables automated code audits, the process of inventorying the open source software in use and alerting on security vulnerability issues, as part of the normal application build and release cycle. The integration helps ensure that security vulnerability and intellectual property issues are exposed early in the application development cycle when remediation is simpler and less costly.
Increased attacks against software and Web applications require securing the software supply chain for applications. Palamida has found that applications built in recent years typically contain 50 percent or more open source code, most of which is not being tracked. Organizations now need to ensure they understand the composition of their in-house applications including such aspects as what third-party code is in use, where it came from, and what vulnerabilities are associated with it. Organizations that are unaware of exactly what comprises their code base are open to data breaches, legal issues, and financial exposure.
“Open source is helping organizations deliver high-quality, more capable Web and software applications in less time, with fewer resources, but it is frequently used informally, without a clear approval or review process,” said Mark Tolliver, Palamida CEO. “The integration with IBM Rational ClearCase helps organizations take advantage of open source by broadening their use of it, while ensuring application integrity.”
Integration with IBM Rational ClearCase provides mutual customers the following benefits:
IBM has been a leader in supporting and promoting open source software. An important aspect of pervasive open source use today is the management and security of it within mission critical applications. The Palamida Enterprise Edition enables organizations to create a comprehensive inventory of open source in use and then identifies issues of intellectual property violations and known and published security vulnerabilities. The software sends online vulnerability alerts as information is updated in the National Vulnerability Database and the Palamida R&D lab. It also enables organizations to annotate and tag all files and directories to create a permanent record of the software composition of applications, minimizing the security void arising from undocumented code. The latest 6.1 terabyte Palamida data library is also included along with 29,000 open source releases with vulnerability alerts.
About Palamida, Inc.
Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.
For more information visit: www.palamida.com.
Palamida Finds Security Tops List of Concerns Inhibiting Broader Open Source Adoption
SAN FRANCISCO, CA - December 16, 2008 -
Company Highlights 25 Hot Open Source Projects that Organizations Can Use with Confidence Today
SAN FRANCISCO, CA December 16, 2008 – Palamida, the leader in application security for open source, today released the results of a new poll, finding that 75 percent of organizations expect their IT budget to decrease either moderately or significantly in 2009, but that only 45 percent view open source as a likely solution to the upcoming budget gap. While this result may seem surprising in light of today’s economic pressures, the fact that 50 percent of respondents cite security as the number one concern around additional open source adoption could indicate the cause.
The Palamida web poll was conducted between November 13 and November 21, 2008 and included 177 respondents in senior IT, engineering, and security positions. Survey requests were evenly distributed across financial services, insurance, technology, consumer goods and services, biotech/pharmaceutical, manufacturing, healthcare, energy and government. Response was concentrated in the financial and insurance sectors.
The poll also found a very positive perception of open source software functionality and quality, with 62.7% of organizations believing that open source software is either equal or almost equal to its commercial counterparts. This countered the list of concerns, which in addition to security, included support costs and intellectual property risks as the top three concerns around open source use.
“In challenging economic times, internal application development teams absolutely should be turning to open source to deliver higher quality software and Web applications with fewer resources,” said Mark Tolliver, Palamida CEO. “Open source use is flourishing inside of organizations, with applications built in the last five years, typically composed of 50 percent or more open source content. Our experience is that open source communities are typically very responsive to finding and fixing reported security problems – and that, coupled with a proactive process for open source management via composition analysis, should reduce security concerns.”
Palamida has compiled a list of 25 hot open source projects that organizations should be using today in order to trim their engineering budgets. With experience in auditing billions of lines of code for Fortune 100 as well as start-up companies, Palamida has seen some of the most productive and cost-saving use of open source from market leaders across all industries. The 25 open source projects, reviewed by Palamida, have proven to be among the most reliable, innovative, and enterprise-ready open source projects. The list includes Web 2.0 enablers Prototype, script.aculo.us, Direct Web Remoting, Yahoo! User Interface, and jQuery, that can save organizations substantial time and money in development. For further details about these projects and the full list, please visit www.palamida.com/blog.
Palamida and Cigital Partner to Extend Application Security
Palamida and Cigital Partner to Extend Application Security for Open Source Further into the Software Development Lifecycle
SAN FRANCISCO, CA & DULLES, VA - October 29, 2008 -
Partnership Enables Customers to Identify, Assess and Remediate Security Vulnerabilities Due to Undocumented Open Source
SAN FRANCISCO, CA & DULLES, VA October 29, 2008 – Palamida, the leader in application security for open source, today announced a partnership with Cigital, the leading software security and quality consulting firm. Palamida and Cigital are teaming up to provide their customers with the broadest range of subject matter expertise – encompassing in-depth open source knowledge and application security best practices. The partnership helps organizations develop an accurate inventory of open source used and assess security implications, reducing the risk that vulnerabilities may be introduced into applications through undocumented code.
“Open source helps organizations deliver high-quality, more capable Web and software applications in less time, with fewer resources,” said Mark Tolliver, Palamida CEO. “But you cannot manage and secure what you do not know you have -- and open source components are often inserted inside applications without formal record of their use. Working with Cigital, we will help organizations expand their coverage to this important new area of application security.”
Cigital will use the Palamida Enterprise Edition software to identify the inventory of open source in use, report its location within the code base, and provide descriptions of the open source projects and vulnerabilities associated with them, including classification and severity ranking. Customers will also benefit from associated patch and remediation assessment, services and advice.
“In today’s world of 24/7 access, applications have become the new frontline of attack,” said John Wyatt, Cigital COO. “We are pleased to be working with Palamida to help organizations realize the importance of managing security issues surrounding their use of open source. Cigital and Palamida have the extensive experience to identify and remediate security vulnerabilities before they become data breaches…and before they become headlines.”
About Cigital
Cigital, Inc., a leading software security and quality consulting firm, has enabled some of the most well-known organizations in financial services, communications, insurance, hospitality, e-commerce and government to reduce their mission-critical software business risks. Cigital consultants specialize in software security and quality solutions to help organizations protect some of their most valuable assets: company and mission information, customer and individual data, shareholder value and brand. Each client's unique requirements are served through a combination of proven methodologies, tools and best practices. Cigital assures the reliable delivery and deployment of software that organizations build, buy and integrate. Established in 1992, Cigital is headquartered near Washington, D.C. with offices in Boston, New York, Los Angeles and Delhi, India.
For more information visit: www.cigital.com.
Palamida Names Andre M. Boisvert Chairman of the Board of Directors
SAN FRANCISCO, CA - September 30, 2008 -
Open Source Veteran to Lead Expansion of Partnerships and Business Development
San Francisco, CA, September 30, 2008 – Palamida, the leader in application security for open source, announced today that Andre M. Boisvert has been appointed Chairman of the Board of Directors. In addition to his role as Chairman, Boisvert, who has served as a Palamida board member for three years, will take an active role in business development for Palamida.
"This is a major step forward for Palamida," said Mark Tolliver, Palamida CEO. "Our business continues to accelerate as governments and industries around the world increase their usage of open source based solutions. This has expanded our partnership opportunities, and we are indeed fortunate to have one of the industry’s most recognized and successful open source entrepreneurs add his expertise to our management team."
Boisvert began his technology career in 1976 when he joined IBM. During his 13 years at IBM, Boisvert held senior management positions in sales, marketing and R&D. After IBM, Boisvert held executive positions in some of the best respected software companies in the industry, such as Cognos, Oracle Corporation, where he was senior vice president of worldwide marketing and a member of Oracle’s management committee, and SAS Institute Inc., the largest privately held software company in the world, where he served as president and chief operating officer.
In 2002, Boisvert joined the board of directors of VA Software (NASDAQ: LNUX), the creator of SourceForge.net, the largest open source development site on the Internet, which enjoys more than 30 million unique visitors each month and hosts more than 160,000 registered open source projects. This led Boisvert to co-founding the industry’s first open source end-to-end business intelligence company, Pentaho Corporation. Today Boisvert is chairman of three other open source companies, each one a leader in its respective field: Compiere for enterprise resource planning; Infobright for data warehouse; and Zenoss for systems management.
"For years I have believed that the open source business model will significantly change the way that software is developed, distributed and supported. As open source becomes more pervasive, it is personally gratifying to witness customers benefiting from the disruptive nature of this model, in terms of higher code quality, tighter innovation cycles, exponentially better price-performance and no vendor lock in," stated Boisvert. "As organizations around the globe continue to ratchet up their use of open source, whether that be in the form of integrating various open source components into a solution or whether they leverage an already built open source application, these customers have a requirement to ensure application security by managing and protecting these open source assets. As such, I am delighted to be associated with Palamida, who is the leader in the area of providing software and services around this key requirement."
About Palamida, Inc.
Palamida delivers the industry’s first application security solution exclusively for open source software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Palamida solutions enable development organizations to cost-effectively manage and secure their mission critical applications and products.
Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others. For more information visit: www.palamida.com.
Wyse Technology, Magnum Semiconductor and Pentaho Select Palamida
Wyse Technology, Magnum Semiconductor, and Pentaho Select Palamida's Latest Enterprise Edition for Application Security for Open Source
NEW YORK, NY - September 16, 2008 -
Customers Benefit from Vulnerability Alerts and Broader Scope of Identification to Document and Assess Unidentified Open Source and Associated Security Risks
INTEROP, New York, NY, September 16, 2008 – Palamida, Inc., the leader in application security for open source, today announced that Wyse Technology, Magnum Semiconductor, and Pentaho have selected and deployed the latest version of Palamida’s Enterprise Edition software as part of their overall application security protection programs. By including Palamida in their software development lifecycles, the companies have taken an important step in identifying and documenting all code and content from open source projects that may lie hidden and undocumented inside mission critical applications. In focusing on the composition of their software, they reduce their risk of data breaches from unpatched security vulnerabilities and intellectual property infringements from unknown licenses.
"In the age of Web 2.0, with its extreme collaboration and mashup-style reuse, composition analysis will lower the risk that software components that enterprises use in their applications are insecure, or outdated, or not properly licensed," said Joseph Feiman, Vice President and Gartner Fellow, Gartner, Inc.
Wyse Technology, Magnum Semiconductor and Pentaho have adopted the latest released version of the Palamida Enterprise Edition to extend their management of open source into application security. “It was an easy decision to use Palamida,” said John Wunder, Director of Engineering for Magnum. “Magnum Semiconductor supplies superior products to some of the largest companies across the globe in professional broadcast infrastructure and consumer entertainment systems. We implemented the Palamida Enterprise Edition because it is the only solution that extends our application security strategy to minimize both the vulnerability and intellectual property risks in our use of open source software.”
Magnum Semiconductor previously relied primarily on representations and warranties in contracts and occasional manual code audits. With some of the world’s largest companies relying on their technology, Magnum Semiconductor needed a solution that could analyze the composition of software written in multiple languages, while complementing their existing software development lifecycle and minimizing the impact on product delivery.
James Dixon, Pentaho CTO said, “As the leader in open source business intelligence solutions, we know that customers expect us to deliver robust, scalable solutions. Our use of Palamida is an important element of that strategy and demonstrates our dedication to a secure, fully enterprise-ready open source product.”
The Palamida Enterprise Edition provides unprecedented visibility into software composition and helps stakeholders within engineering, security, and legal teams manage and secure their use of open source software. Key features include:
- Online Vulnerability Updates: Email alerts are automatically sent as new vulnerability information is updated in the National Vulnerability Database (NVD) and the Palamida R&D lab. Consistent updates ensure immediate remediation to prevent serious issues.
- Composition Markup: Enables organizations to annotate and tag all files and directories – from open source, proprietary, third-party commercial, and outsourced developers – creating a permanent record of software composition and minimizing the security gap arising from undocumented code.
- Latest Palamida Data Library:
  - 6.1 terabytes in size
  - 1.14 million open source project versions
  - 9 billion source code fingerprints
  - 600 million binary files
  - 13 million Java namespace names
  - 29,000 open source releases with vulnerability alerts
“An aircraft manufacturer would never release a plane for which they did not carefully control the parts list – and, going forward, it is the same for mission-critical software applications,” said Mark Tolliver, Palamida CEO.
“Palamida’s solution is essential to building secure, high-quality applications, while capturing the benefits of an open source software strategy.”
About Magnum Semiconductor
Magnum Semiconductor is a leading provider of chips, software, and platforms for the professional broadcast infrastructure and consumer entertainment systems. Magnum provides the tools and technologies for producing, transmitting, recording, storing, managing, viewing, and exchanging audio and video throughout the home, and on the go. Magnum Semiconductor is headquartered in Milpitas, California, with sales and engineering offices in Canada, China, India, Japan, Korea, and Taiwan. Further information is available at www.magnumsemi.com.
About Pentaho
Pentaho Corporation is the commercial open source alternative for Business Intelligence (BI). Pentaho’s Open BI Suite provides comprehensive reporting, OLAP analysis, dashboards, data integration, data mining and a BI platform that have made it the world's leading and most widely-deployed open source BI suite. Pentaho's commercial open source business model eliminates software license fees, providing support, services, and product enhancements via an annual subscription. In the years since Pentaho's inception as the pioneer in commercial open source BI, Pentaho's products have been downloaded more than three million times, with production deployments at companies ranging from small organizations to The Global 2000. For more information, visit www.pentaho.com.
About Wyse Technology
Wyse Technology is the global leader in thin computing. Wyse and its partners deliver the hardware, infrastructure software, and services that comprise thin computing, allowing people to access the information they need using the applications they want, but with better security, manageability, and at a much lower total cost of ownership than a PC. Thin computing allows CIOs and senior IT professionals to reduce costs, manage risk, and deliver access to information. Wyse partners closely with industry leaders Microsoft, Citrix, VMware, and others to achieve this objective. Wyse is headquartered in San Jose, California, with offices worldwide. For more information, visit the Wyse website at www.wyse.com.
Open Health Tools Accepts Code Donation
Date: August 13, 2008
eHealth Europe: Open Health Tools Accepts Code Donation
