Palamida Extends IP Amplifier™ Day One Reporting of Open Source Intellectual Property and Security Risks
Tuesday, May 08, 2007
San Francisco, CA -- Palamida™, a leader in software risk management solutions for open source, today announced that it has extended IP Amplifier's robust detection capabilities with Day One reporting -- customizable, prioritized, same day snapshots of code level risks.
The manual audit and analysis of a company's code base is an error-prone and time-consuming process that ties up valuable IT and legal resources and can significantly prolong software's time to market. During a merger or acquisition, manual analysis can also prove costly, highlighting trouble in software assets that could devalue, or even void, a pending deal.
"Software risk management begins with consistent, comprehensive, code inventory of open source components and security risks," explains Mark Tolliver, CEO of Palamida. "With Day One reporting, organizations can pinpoint and remediate vulnerabilities in a matter of hours instead of days by customizing the level of forensic detection -- right down to the location of the file in the code base."
With IP Amplifier, organizations can eliminate the guesswork of wading through false positives and irrelevant data. Drawing on the industry's largest and most in-depth compliance library, IP Amplifier provides detailed information regarding intellectual property and security risks.
"Open source applications face the same challenges as commercial applications when it comes to security and intellectual property infringement. The biggest difference is that when a commercial application has security vulnerabilities, the software company will eventually release and push out a patch to fix the issue," adds Tolliver. "With open source, patches are usually available, but you'd have to know where to go to get the patch. If you don't know what open source you have in the first place, you wouldn't have a clue as to whether or not it was vulnerable."
Palamida's compliance library is continually expanding with real-time updates. It is currently composed of:
- 140,000+ unique open source projects
- 780,000+ versions of open source projects
- 7B+ source code snippets
- 500 million binary files
- 10 million Java namespace names (or Java project names)
- OSS and custom licenses
- Copyright Ids
- Extensible metadata information
It also contains:
Java, C/C++, Perl, Python, PHP, C#, VB signatures
"The adoption of open source in the enterprise has done a great deal to fuel innovation and growth," said Melinda Ballou, Program Director, Application Life-Cycle Management, IDC and Principal Analyst, IT Management Service, Insights. "Yet like any important piece of the application development process, proper controls must be in place. Regular code audits help ensure the overall health and security of the code base, freeing the development team to focus on creation rather than remediation."
IP Amplifier's Day One reporting capabilities offer immediate and actionable results that help enable customers to assess the IP and security health of their code base. Existing products on the market are plagued with false positives, which can yield tens of thousands of irrelevant file and source code matches, while Palamida's patent-pending Auto Inventory and customizable forensic detection provide streamlined results that require little or no manual analysis.
"For organizations developing critical software applications, the ability to quickly identify possible legal, security and business risks offers the potential to greatly improve the software risk management process," says Eric von der Heyden, President of Innoopract. "Our customers who are among the leaders of open source adoption for application software development can benefit from complete visibility into their code base."
About the Company
Palamida enables organizations to manage the growing complexity of multi-source development environments by answering the question, "What's in your code?" Through detailed analysis of the code base, customers gain insight into their code inventory -- a critical component of quality control, risk mitigation, and vulnerability assessment.
Palamida was founded in 2003, offering market leading solutions and services that accelerate the adoption of open source within the enterprise environment by eliminating legal and vulnerability concerns associated with its use. Customers include Avaya, Cisco Systems, EMC, and Microsoft, among others. Read Palamida's blog at http://www.palamida.com/blog or for more information visit http://www.palamida.com.