New Solution Enhances IT Governance by Pinpointing Known Security Risks in
Open Source Code
SAN FRANCISCO, April 23 /PRNewswire/ -- Gartner SYMPOSIUM/ITxpo --
Palamida(TM), the leader in software intellectual property management
solutions and audit services, today announced that it has extended the
reach of its extensive compliance library and launched a new service, the
Vulnerability Reporting Solution (VRS). VRS works seamlessly with
Palamida's code audit compliance solution, IP Amplifier(TM), to identify,
prioritize, and report known vulnerabilities within open source code used
in customers' projects.
Access to readily available code resources, geographically distributed
development teams, and increasing time-to-market pressures have given rise
to the blending of homegrown, third-party and open source components. The
sheer size of today's typical software projects coupled with the number of
contributing developers makes it difficult and time consuming for companies
to get an accurate assessment of their software assets: What do they have?
Where did it come from? What are its intellectual property and security
risks?
Thorough risk mitigation calls for more than just firewalls and virus
scanning; it requires code level protection against legal, financial and
security risks -- it requires solutions robust enough to identify software
intellectual property challenges and known vulnerabilities in the code
base.
Code Level Risk Mitigation
Existing vulnerability analysis solutions scan customers' proprietary
code to identify potential vulnerability holes due to coding practices such
as buffer overflow and similar problems. The VRS complements these tools to
further enhance the IT Governance process by both pinpointing the use of
open source content and reporting on known vulnerabilities based on
aggregated information from many sources.
"Successful IT Governance requires risk mitigation at the code level,"
said Mark Tolliver, CEO of Palamida. "By combining our scanning and
detection technology with the excellent content available through
repositories such as the National Vulnerability Database, we are able to
bring a new level of transparency and confidence to enterprise use of open
source software."
Enhancing the Value of Existing Solutions
The VRS is the perfect complement to vulnerability analysis
implementations and further extends the breadth and depth of Palamida's
existing compliance library -- the industry's largest and most
comprehensive database of its type.
"Due to the nature of our business, we are committed to both security
and efficiency," notes Stephen Chen, Managing Director of SEC Ventures.
"Palamida's Vulnerability Reporting Solution delivers the depth and insight
necessary for us to rectify any potential security issues, if found, in a
quick and efficient manner."
"As an open source technology with a huge user base, it's very
important to us to spot any new security vulnerabilities immediately," said
Ron Park, VP of Engineering at MuleSource. "Palamida's VRS enables our
development team to track and remediate any open source vulnerabilities as
they arise -- giving us the ability to proactively address them, rather
than react to them. Palamida's VRS provides us with a lot of value."
Composed of 3 Terabytes worth of content, Palamida's library contains
over 140,000 OSS projects, 780,000 versions, 7 billion source code
snippets, 10 million Java namespaces, 500 million binary file IDs, and
Java, C/C++, Perl, Python, PHP, C#, and VB signatures, among other
components.
The VRS provides relevant and timely information on open source
vulnerabilities by leveraging data from the National Vulnerability Database
(NVD), a comprehensive cyber security database sponsored by the Department
of Homeland Security, run by the National Institute of Standards and
Technology, with Common Vulnerability and Exposure (CVE) data from The
MITRE Corporation. The NVD integrates all publicly available US government
vulnerability resources and provides references to industry resources for
the purpose of assisting with remediation efforts. The NVD currently
contains over 23,700 known vulnerabilities in total, 89 US-CERT issued
alerts, and 1,900 US-CERT vulnerability notes. There are an average of 19
new CVEs added to the NVD each day.
About the Company
Palamida enables organizations to manage the growing complexity of
multi-source development environments by answering the question, "What's
in your code?" Through detailed analysis of the code base, customers gain
insight into their code inventory -- a critical component of quality
control, risk mitigation, and vulnerability assessment.
Palamida was founded in 2003, offering market leading solutions and
services that accelerate the adoption of open source within the enterprise
environment by eliminating legal and vulnerability concerns associated with
its use. Customers include Avaya, Cisco Systems, EMC, and Microsoft, among
others. Read Palamida's blog at http://www.palamida.com/blog or for more
information visit http://www.palamida.com.
SOURCE Palamida
Related links: http://www.palamida.com http://www.palamida.com/blog http://www.gartner.com/it/sym/2007/spg9/spg9.jsp
CONTACT: Melisa Bleasdale of Palamida, +1-415-777-9400 x140, or cell, +1-408-219-1969