Press Releases by WebKnowHow


Palamida to Use Vulnerability Reporting Solution to Provide Software Risk Management for the Open Solutions Alliance


IP Amplifier(TM) Enables ISV Members to Drive Adoption of Open Source by Offering Security Assurance to Enterprise Customers

June 5, 2007; 06:36 AM

Palamida(TM), the leader in software risk management solutions for open source, today announced that it will provide intellectual property and vulnerability assurance to Open Solutions Alliance's (OSA) Independent Software Vendor (ISV) members who are releasing products based on OSA open source interoperability initiatives. With Palamida's Vulnerability Reporting Solution and IP Amplifier, ISV Members will be able to leverage the industry's largest compliance library -- containing open source software ID tags, intellectual property information, and published vulnerability alerts -- to assure corporate users that their projects meet important enterprise security and compliance thresholds.

"Enterprise users increasingly require as much information as possible about the open source products they deploy," said Mark Tolliver, CEO of Palamida. "And Palamida is committed to ensuring that OSA's ISV members have insight into not only intellectual property data but reported vulnerability information. A comprehensive code inventory is essential to offering quality, interoperable, enterprise-ready open source solutions that customers can implement with confidence."

Comprehensive Code Level Risk Mitigation

Palamida's IP Amplifier will accelerate the audit and software risk management process for the interoperable, market-bound products of the OSA's ISVs. By removing a significant amount of guesswork typically left behind by existing solutions, the ISVs can now more easily ensure the security and integrity of their open source content. Unlike traditional code audit solutions, IP Amplifier streamlines the audit process through an innovative feature set. The Auto-Inventory(TM) feature is a patent-pending technology that provides the highest probability results on code source identification. CodeRank(TM) technology rates identified matches based on percentage of coverage, clustering, and uniqueness to further increase the probability of identifying problematic code. Thorough source code matching highlights source code snippets, whether they match open source or third party files and/or code snippets, enabling easy location and review, while Fast search allows the entry of custom search parameters for rapid, targeted results.

IP Amplifier's in-depth compliance library contains over 140,000 OSS projects, 780,000 versions of open source projects, 7 billion source code snippets, 10 million Java namespaces, 500 million binary file IDs, and Java, C/C++, Perl, Python, PHP, C#, and VB signatures among other components.

By identifying open source code, verifying its origin, and providing reports on relevant and known OSS vulnerabilities, the Vulnerability Reporting Solution (VRS) enables OSA's ISVs to reduce legal and business exposure by identifying risks before market deployment -- saving valuable time and resources on back-tracking and remediation efforts.

The VRS provides timely information on open source vulnerabilities by leveraging proprietary information and data gathered from multiple repositories such as the National Vulnerability Database (NVD), a comprehensive cyber security database sponsored by the Department of Homeland Security (DHS). The NVD is run by the National Institute of Standards and Technology (NIST), with Common Vulnerabilities and Exposures (CVE) data from The MITRE Corporation.

"The goal of the OSA is to expand the market for business open software solutions through cooperative action that increases awareness of member solutions, reduces barriers to customer adoption, and facilitates interoperability," said Dominic Sartorio, President of the Open Solutions Alliance (OSA). "Through innovation and collaboration, OSA's ISV Members are working to bring to market open source solutions that meet the overall goals of the organization. We are pleased that Palamida has offered to assist the OSA ISVs to find and remediate areas of concern in their open source prior to going to market -- a strategy that both ensures software quality and mitigates business risk."

About Palamida

Palamida enables organizations to manage the growing complexity of multi-source development environments by answering the question, "What's in your code?" Through detailed analysis of the code base customers gain insight into their code inventory -- a critical component of quality control, risk mitigation, and vulnerability assessment.

Palamida was founded in 2003, offering market leading solutions and services that accelerate the adoption of open source within the enterprise environment by eliminating legal and vulnerability concerns associated with its use. Customers include Avaya, Cisco Systems, EMC, Microsoft and Sun Microsystems, among others. Read Palamida's blog at http://www.palamida.com/blog or for more information visit http://www.palamida.com/.

About the OSA

The Open Solutions Alliance (OSA) is a nonprofit, vendor neutral consortium dedicated to driving the interoperability and adoption of comprehensive open solutions. Founded in 2007, it is supported by leading companies from around the world who are dedicated to improving interoperability among software products, resulting in integrated and rapidly deployable solutions for business users. Through cooperative action and advocacy, the OSA helps facilitate interoperability, reduce barriers to adoption and raise the awareness of open solutions in business. For more information, please visit http://www.opensolutionsalliance.org/.

The OSA defines ISV members as the broad class of organizations and companies, or significant departments or business units within larger companies, that sell and support commercial products based on an open source project (this can also include products formerly considered proprietary but currently designated as open-sourced). These include application, infrastructure, and operating system ISVs.
