Mitsui & Co. Global Investment (MGI) - Venture Capital, Start-Up

NEWS 2007

[12/10/2007]

Palamida Expands Detection Capability to Include 431 Open Source Security Alerts

Company Publishes Top 5 Most Overlooked Open Source Security Vulnerabilities for 2007

SAN FRANCISCO - December 10, 2007 - Palamida, the leader in software risk management solutions for open source, today announced the expansion of its Vulnerability Reporting Solution detection capabilities to include 431 open source security alerts - 148 of which are considered to have High-Severity Common Vulnerability and Exposures (CVEs) ranging from cross-site scripting and buffer overflows, to SQL injections. In addition, the company has also published the Top 5 Most Overlooked Open Source Security Vulnerabilities found in enterprise audits during 2007 - derived from an analysis of over 300 million lines of code across multiple verticals that include financial services, technology and government.

The popularity of open source software has created an environment in which engineers often embed a wide range of open source and third party components inside enterprise applications outside of the normal software procurement process. This ad-hoc and often undocumented supply chain makes it difficult for application security teams to maintain an accurate code inventory that allows them to proactively monitor open source projects for applicable security alerts and patch updates.

"Open source is inherently no more risky than commercial software,” said Mark Tolliver, CEO of Palamida. “The majority of open source projects provide a patched version to any issue within hours of discovery. Users of open source, however, need a way to quickly and accurately verify what components they are using and associate them with known vulnerabilities so they can retrieve updated versions. Without a mechanism in place to perform this function, organizations put themselves at risk for introducing security vulnerabilities into their code base."

The vulnerability library, the cornerstone of the Palamida Vulnerability Reporting Solution (VRS), is a database that contains signatures enabling unique detection of almost 2 million open source files with reported vulnerabilities. The library contains 431 reported vulnerabilities associated with the most common open source projects Palamida finds embedded inside enterprise applications. The VRS is detection and reporting software that discovers and identifies all unknown open source code inside internally developed enterprise applications, providing an immediate report on their existing vulnerabilities.

It allows users to further develop their security policies for open source use such as:

• Identification of all open source in the code base;
• Pinpointing its exact location within the code base;
• Measuring third-party code dependence;
• And tracking associated vulnerabilities

The end result is a complete blueprint of all open source used across the enterprise code base.

For year-end 2007, Palamida has listed the Top 5 Open Source Vulnerabilities encountered in its audit practice during 2007. The vulnerabilities are associated with the open source projects Apache Geronimo, JBoss Application Server, LibTiff, Net-SNMP and Zlib. For more information about these projects and for patch and updates, please visit www.palamida.com/blog.

About Palamida

Palamida enables organizations to manage the growing complexity of multi-source development environments by answering the question, "What's in your code?" Through detailed analysis of the code base customers gain insight into their code inventory - a critical component of quality control, risk mitigation, and vulnerability assessment.

Palamida was founded in 2003, offering market leading solutions and services that accelerate the adoption of open source within the enterprise environment by eliminating legal and vulnerability concerns associated with its use. Customers include Avaya, Cisco Systems, EMC, Microsoft and Sun Microsystems, among others. Read Palamida's blog at www.palamida.com/blog or for more information visit www.palamida.com.

Press Contact

Melisa Bleasdale
Senior Communications Manager
415.777.9400 x140
melisa@palamida.com