Customers Benefit from Vulnerability Alerts and Broader Scope of Identification to Document and Assess Unidentified Open Source and Associated Security Risks

INTEROP, New York, NY, September 16, 2008 – Palamida, Inc., the leader in application security for open source, today announced that Wyse Technology, Magnum Semiconductor, and Pentaho have selected and deployed the latest version of Palamida’s Enterprise Edition software as part of their overall application security protection programs. By including Palamida in their software development lifecycles, the companies have taken an important step in identifying and documenting all code and content from open source projects that may lie hidden and undocumented inside mission critical applications. In focusing on the composition of their software, they reduce their risk of data breaches from unpatched security vulnerabilities and intellectual property infringements from unknown licenses.

"In the age of Web 2.0, with its extreme collaboration and mashup-style reuse, composition analysis will lower the risk that software components that enterprises use in their applications are insecure, or outdated, or not properly licensed," said Joseph Feiman, Vice President and Gartner Fellow, Gartner, Inc.

Wyse Technology, Magnum Semiconductor and Pentaho have adopted the latest released version of the Palamida Enterprise Edition to extend their management of open source into application security. “It was an easy decision to use Palamida,” said John Wunder, Director of Engineering for Magnum. “Magnum Semiconductor supplies superior products to some of the largest companies across the globe in professional broadcast infrastructure and consumer entertainment systems. We implemented the Palamida Enterprise Edition because it is the only solution that extends our application security strategy to minimize both the vulnerability and intellectual property risks in our use of open source software.”

Magnum Semiconductor previously relied primarily on representations and warranties in contracts and occasional manual code audits. With some of the world’s largest companies relying on their technology, Magnum Semiconductor needed a solution that could analyze the composition of software written in multiple languages, while complementing their existing software development lifecycle and minimizing the impact on product delivery.

James Dixon, Pentaho CTO said, “As the leader in open source business intelligence solutions, we know that customers expect us to deliver robust, scalable solutions. Our use of Palamida is an important element of that strategy and demonstrates our dedication to a secure, fully enterprise-ready open source product.”

The Palamida Enterprise Edition provides unprecedented visibility into software composition and helps stakeholders within engineering, security, and legal teams manage and secure their use of open source software. Key features include:

  • Online Vulnerability Updates: Email alerts are automatically sent as new vulnerability information is updated in the National Vulnerability Database (NVD) and the Palamida R&D lab. Consistent updates ensure immediate remediation to prevent serious issues.
  • Composition Markup: Enables organizations to annotate and tag all files and directories – from open source, proprietary, third-party commercial, and outsourced developers – creating a permanent record of software composition and minimizing the security gap arising from undocumented code.
  • Latest Palamida Data Library:
    - 6.1 terabytes in size
    - 1.14 million open source project versions
    - 9 billion source code fingerprints
    - 600 million binary files
    - 13 million Java namespace names
    - 29,000 open source releases with vulnerability alerts

“An aircraft manufacturer would never release a plane for which they did not carefully control the parts list – and, going forward, it is the same for mission-critical software applications,” said Mark Tolliver, Palamida CEO.
“Palamida’s solution is essential to building secure, high-quality applications, while capturing the benefits of an open source software strategy.”

About Magnum Semiconductor

Magnum Semiconductor is a leading provider of chips, software, and platforms for the professional broadcast infrastructure and consumer entertainment systems. Magnum provides the tools and technologies for producing, transmitting, recording, storing, managing, viewing, and exchanging audio and video throughout the home, and on the go. Magnum Semiconductor is headquartered in Milpitas, California, with sales and engineering offices in Canada, China, India, Japan, Korea, and Taiwan. Further information is available at www.magnumsemi.com.

About Pentaho

Pentaho Corporation is the commercial open source alternative for Business Intelligence (BI). Pentaho’s Open BI Suite provides comprehensive reporting, OLAP analysis, dashboards, data integration, data mining and a BI platform that have made it the world's leading and most widely-deployed open source BI suite. Pentaho's commercial open source business model eliminates software license fees, providing support, services, and product enhancements via an annual subscription. In the years since Pentaho's inception as the pioneer in commercial open source BI, Pentaho's products have been downloaded more than three million times, with production deployments at companies ranging from small organizations to The Global 2000. For more information, visit www.pentaho.com.

About Wyse Technology

Wyse Technology is the global leader in thin computing. Wyse and its partners deliver the hardware, infrastructure software, and services that comprise thin computing, allowing people to access the information they need using the applications they want, but with better security, manageability, and at a much lower total cost of ownership than a PC. Thin computing allows CIOs and senior IT professionals to reduce costs, manage risk, and deliver access to information. Wyse partners closely with industry leaders Microsoft, Citrix, VMware, and others to achieve this objective. Wyse is headquartered in San Jose, California, with offices worldwide. For more information, visit the Wyse website at www.wyse.com.

About Palamida, Inc.

Palamida delivers the industry’s first application security solution exclusively for open source software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Palamida solutions enable development organizations to cost-effectively manage and secure their mission critical applications and products.

Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others. For more information visit: www.palamida.com.