http://www.palamida.com/taxonomy/term/4/0 Software Risk Management en http://www.palamida.com/node/534 <p>By now you've probably seen HP's <a href="http://www.hp.com/hpinfo/newsroom/press/2008/080124a.html?mtxs=rss-corp-combined" target="_blank"> FOSSology </a> announcement. It's an initiative that they say will, "facilitate the study of Free and Open Source Software by providing free data analysis tools". It's a welcome addition to the open source world, and is evidence of the growth of a robust ecosystem of tools and information. Open source is how software is done today. </p> <p><a href="http://www.palamida.com/node/534">read more</a></p> http://www.palamida.com/node/534#comment Software Risk Management Fri, 25 Jan 2008 11:54:01 -0600 admin 534 at http://www.palamida.com http://www.palamida.com/node/513 <p>For year-end 2007, we have compiled the Top 5 Most Overlooked Open Source Vulnerabilities encountered during 2007. We came up with this list after reviewing over 300 million lines of code and spending literally thousands of hours of analysis across a wide range of industries - including technology, financial services and government, among others.</p> <p><a href="http://www.palamida.com/node/513">read more</a></p> http://www.palamida.com/node/513#comment Software Risk Management Fri, 07 Dec 2007 19:32:20 -0600 admin 513 at http://www.palamida.com http://www.palamida.com/node/397 <p>Beginning in 2006, some customers of my previous company started inserting contract provisions requiring us to identify all open source software in use within the networking service we provided. As the VP of Engineering at the time, I told them that I stood behind the total service offering, regardless of which parts were open source, which were commercially licensed, and which were built by us, so they needn't be concerned about this. In each case they agreed and removed the provision. It is now clear to me that they should not have done so. Here's why.</p> <p><a href="http://www.palamida.com/node/397">read more</a></p> http://www.palamida.com/node/397#comment Software Risk Management Tue, 12 Jun 2007 13:35:59 -0500 admin 397 at http://www.palamida.com http://www.palamida.com/node/354 <p>Jeff Jones writes an ongoing security blog for <a href="http://www.csoonline.com/" target="_blank">CSO Online</a>. A recent <a href="http://blogs.csoonline.com/scrubbing_the_source_data_part_1_nvd" target="_blank">post </a> about scrubbing and verifying data from repositories such as <a href="http://nvd.nist.gov/nvd.cfm" target="_blank"> National Vulnerability Database</a> caught our attention.</p> <p><a href="http://www.palamida.com/node/354">read more</a></p> http://www.palamida.com/node/354#comment Software Risk Management Thu, 03 May 2007 16:10:43 -0500 admin 354 at http://www.palamida.com http://www.palamida.com/node/200 <p>Last week, our CTO Ray Waldin participated in a webinar with Rob Jenkins from <a href="http://www.collab.net/" target="_blank">CollabNet</a> and Eddie Correia from <a href="http://www.sdtimes.com/index.html" target="_blank">SD Times</a>. The topic was "Two Steps to Centralized, Secure, and Auditable Source Code."</p> <p>As part of the webinar, we conducted an online survey. Here are some of the more interesting results. (We're not for a minute suggesting these are in any way statistically valid):</p> <p><b>How do you manage the use of open source in your code base today?</b></p> <p><a href="http://www.palamida.com/node/200">read more</a></p> http://www.palamida.com/node/200#comment Software Risk Management Fri, 03 Mar 2006 02:00:00 -0600 admin 200 at http://www.palamida.com http://www.palamida.com/node/207 <p>Twice today... Maybe my new year's resolution is working...</p> <p><a href="http://www.palamida.com/node/207">read more</a></p> http://www.palamida.com/node/207#comment Software Risk Management Mon, 02 Jan 2006 18:50:00 -0600 admin 207 at http://www.palamida.com