
NEWS 2009
[02/25/2009]
Palamida Expands Detection Capability to Include 34,621 Open Source Releases with Vulnerability Alerts
Highlights Open Source for Job Seekers as a Timely Example of Open Source Value
SAN FRANCISCO, CA, February 25, 2009—Palamida, the leader in application security for open source, today announced the expansion of its database to include vulnerability alerts against 34,621 open source project releases in its latest Vulnerability Database Library 2.0. Entering its second anniversary of providing monthly updates, this second generation database includes 117,387 open source release files, 22,718 of which are new this month. While open source projects are typically very prompt about finding and posting fixes to reported vulnerabilities, Palamida’s expanded coverage ensures that organizations can detect out-of-date versions of components in use, and upgrade as appropriate to eliminate known vulnerabilities.
Of the vulnerability alerts in the current release, 38% are ranked “high” in severity, 44% as “medium” and 18% as “low.” Severity rankings are based on industry standards under the custodial care of the First Incident Response and Security Teams (FIRST). Rankings take into account vulnerability conditions such as exploitability, confidence of the report, and potential damage to users. In-depth analysis of the new database shows a high level of responsiveness by most open source communities to reported vulnerabilities against their projects. There are 1,149 historical vulnerabilities reported against six of the most popular open source projects. However, there are only 198 vulnerabilities reported against their newer versions, giving an indication of the overall dedication by well-supported communities in reacting to known vulnerabilities.
Palamida’s vulnerability reporting is based on a patent-pending version detection engine which detects exact project releases, purges false positives, and creates auto-generated reports to eliminate wasted hours of manual analysis in reviewing irrelevant matches. In addition, the system continues to push new alerts that pertain to open source projects in use, even after the applications using them have gone live or been shipped. For senior IT and security managers, this provides notification of new vulnerabilities that pertain only to their products and immediate access to information about potential remediation steps.
“Open source projects have long been an exceptional resource, with an excellent record of quality and security,” said Mark Tolliver, Palamida CEO. “But the real value comes from the rich variety of open source projects – from operating system to application components to consumer desktops. Our expanded vulnerability coverage is one way we’re helping our customers take more advantage of all the benefits that open source offers.”
To highlight the value of open source, Palamida has assembled the Open Source Job Hunters Toolkit, a compilation of consumer-friendly, secure projects that will help job seekers stand out in a crowded job market. The toolkit includes eight projects job seekers can use in smart ways, ranging from Opengoo, to get collaborative feedback in developing resumes, to Avidemux, a video editor to use in embedding a video elevator pitch on a blog or hosted online resume. For more information about the toolkit and download information, please visit www.palamida.com/blog.
About Palamida, Inc.
Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.
For more information visit: www.palamida.com.
