Service identifies and reports open source vulnerabilities.

Press Release Summary:

Vulnerability Reporting Solution (VRS) works seamlessly with IP Amplifier(TM) code audit compliance solution to identify, prioritize, and report known vulnerabilities within open source code used in customers' projects. It pinpoints use of open source content and reports on known vulnerabilities based on aggregated information from multiple sources. Solution complements vulnerability analysis implementations and includes library with 3 Tb worth of content.

Original Press Release:

Palamida Launches Open Source Vulnerability Reporting Solution

New Solution Enhances IT Governance by Pinpointing Known Security Risks in Open Source Code

SAN FRANCISCO, April 23 - Gartner SYMPOSIUM/ITxpo - Palamida(TM), the leader in software intellectual property management solutions and audit services, today announced that it has extended the reach of its extensive compliance library and launched a new service, the Vulnerability Reporting Solution (VRS). VRS works seamlessly with Palamida's code audit compliance solution, IP Amplifier(TM), to identify, prioritize, and report known vulnerabilities within open source code used in customers' projects.

Access to readily available code resources, geographically distributed development teams, and increasing time-to-market pressures have given rise to the blending of homegrown, third-party and open source components. The sheer size of today's typical software projects coupled with the number of contributing developers makes it difficult and time consuming for companies to get an accurate assessment of their software assets: What do they have? Where did it come from? What are its intellectual property and security risks?

Thorough risk mitigation calls for more than just firewalls and virus scanning, it requires code level protection against legal, financial and security risks -- it requires solutions robust enough to identify software intellectual property challenges and known vulnerabilities in the code base.

Code Level Risk Mitigation

Existing vulnerability analysis solutions scan customers' proprietary code to identify potential vulnerability holes due to coding practices such as buffer overflow and similar problems. The VRS complements these tools to further enhance the IT Governance process by both pinpointing the use of open source content and reporting on known vulnerabilities based on aggregated information from many sources.

"Successful IT Governance requires risk mitigation at the code level," said Mark Tolliver, CEO of Palamida. "By combining our scanning and detection technology with the excellent content available through repositories such as the National Vulnerability Database, we are able to bring a new level of transparency and confidence to enterprise use of open source software."

Enhancing the Value of Existing Solutions

The VRS is the perfect complement to vulnerability analysis implementations and further extends the breadth and depth of Palamida's existing compliance library -- the industry's largest and most comprehensive database of its type.

"Due to the nature of our business, we are committed to both security and efficiency," notes Stephen Chen, Managing Director of SEC Ventures. "Palamida's Vulnerability Reporting Solution delivers the depth and insight necessary for us to rectify any potential security issues, if found, in a quick and efficient manner."

"As an open source technology with a huge user base, it's very important to us to spot any new security vulnerabilities immediately," said Ron Park, VP of Engineering at MuleSource. "Palamida's VRS enables our development team to track and remediate any open source vulnerabilities as they arise -- giving us the ability to proactively address them, rather than react to them. Palamida's VRS provides us with a lot of value."

Composed of 3 Terabytes worth of content, Palamida's library contains over 140,000 OSS projects, 780,000 versions, 7 billion source code snippets, 10 million Java namespaces, 500 million binary file IDs, and Java, C/C++, Perl, Python, PHP, C#, and VB signatures, among other components.

The VRS provides relevant and timely information on open source vulnerabilities by leveraging data from the National Vulnerability Database (NVD), a comprehensive cyber security database sponsored by the Department of Homeland Security, run by the National Institute of Standards and Technology, with Common Vulnerability and Exposure (CVE) data from The MITRE Corporation. The NVD integrates all publicly available US government vulnerability resources and provides references to industry resources for the purpose of assisting with remediation efforts. The NVD currently contains over 23,700 known vulnerabilities in total, 89 US-CERT issued alerts, and 1,900 US-CERT vulnerability notes. There are an average of 19 new CVEs added to the NVD each day.

About the Company

Palamida enables organizations to manage the growing complexity of multi- source development environments by answering the question, "What's in your code?" Through detailed analysis of the code base customers gain insight into their code inventory -- a critical component of quality control, risk mitigation, and vulnerability assessment.

Palamida was founded in 2003, offering market leading solutions and services that accelerate the adoption of open source within the enterprise environment by eliminating legal and vulnerability concerns associated with its use. Customers include Avaya, Cisco Systems, EMC, and Microsoft, among others. Read Palamida's blog at or for more information visit

CONTACT: Melisa Bleasdale of Palamida, +1-415-777-9400 x140, or cell, +1-408-219-1969

All Topics