Palamida Expands Vulnerability Coverage To 94,475 Open Source Releases
Makes Keeping Current with Open Source Components Easier
SAN FRANCISCO, CA - August 20, 2009 - Palamida, the leader in application security for open source, today released the latest version of its vulnerability database, which now carries alerts on 94,475 open source project releases with known vulnerabilities, an increase of approximately 60,000 covered releases during 2009. Open source project teams are typically prompt about finding and publishing fixes for reported vulnerabilities; the expanded coverage lets organizations detect out-of-date versions of the components they actually ship and upgrade as appropriate to eliminate the known vulnerabilities in those versions.
Of the vulnerability alerts in the current release, 42% are ranked "high" in severity, 50% "medium", and 8% "low". Severity rankings follow the industry standard developed by the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS), which weighs conditions such as exploitability, confidence in the report, and the potential damage to users.
Analysis of the new database release again indicates a high level of responsiveness by popular open source projects. In a sample of six such projects, fewer than 20% of the vulnerabilities are reported against the newer versions; the remainder are reported against older versions. This result continues to show the benefit of identifying the open source projects in use and keeping them at the current version level.
Palamida's vulnerability reporting is driven by a patent-pending version detection engine within the Palamida Enterprise Edition product, which identifies exact project releases, purges false positives, and auto-generates reports. The result is an efficient process that greatly reduces the time spent manually reviewing irrelevant matches.
"Open source projects are an exceptional development resource, with a strong track record for innovation and responsiveness to community feedback," said Mark Tolliver, Palamida CEO. "But as with any development work, use of open source needs to be maintained and updated. Our vulnerability database is one way that development organizations can make broader and more effective use of open source."
About Palamida, Inc.
Palamida provides the industry's first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undisclosed open source code and its associated security vulnerabilities, as well as intellectual property and license compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission-critical Web and software applications.
For more information visit: www.palamida.com.
