Palamida Inc., a startup focusing on intellectual property management and compliance technology, Monday announced the appointment of Mark Tolliver as president and chief executive of the company.
Tolliver, who was most recently the marketing and strategy officer at Sun Microsystems, takes over the helm at San Francisco-based Palamida as the companys core product, IP Amplifier version 3.0, has entered into a pilot phase with customers.
Palamidas tool automates the detection and management of open-source code and commercial third-party software and their associated licenses, according to the company.
“We sell a set of software tools to help our customers manage and understand the software in their companies today,” Tolliver said.
Typically to perform the kind of code analysis Palamidas tools do, a company would have to assign teams of technical and legal staff to manually go through the code looking for any errant code and checking for associated licenses, “which was drudgery,” Tolliver said. “But we have automated tools to assist companies in scanning for open-source code or other code. Its kind of a new area that is top of mind for ISVs.”
Theresa Friday, a Palamida co-founder who heads up product management, said “the basic mechanism is first we go out and identify as much open-source [software] as we can and put that into a very large database and make fingerprints or signatures of that. Then we do a high-speed match to search for the stuff we know about.”
Friday said the software is a client technology and it contains information on about 40,000 open-source projects and associated licenses.
While other companies such as Black Duck Software Inc. and PatentCafe.com Inc. offer intellectual property management resources, Friday said Palamidas approach is unique in that it first focuses on developers.
“Whats interesting about our product is at a high level we think this problem starts with developers and [since] potential issues start at the developer level, we developed it so it can start up on the developers desktop,” Friday said.
IP Amplifier ships with a set of configuration tools for integrating the product into build systems and other software components. And users can set up policies for when they want to audit their code, whether daily or weekly, Tolliver said.
In addition, output from the tool is in XML format and can be shared between developers, business decision makers and legal staff.
“The tools are a huge step forward,” Tolliver said. “Relative to where we have been the tools are an enormous step forward.”
However, at the recent Linux on Wall Street conference in New York, Karen Copenhaver, executive vice president and general counsel for Black Duck, said scanning tools are helpful but more is needed in terms of best practices and policies.
“We need a technological solution that provides a response automatically,” Copenhaver said. “And it should become a natural part of the development process.”
At that same conference, Douglas Heintzman, director of technical strategy for IBMs Software Group, said, “While tools are important to scrutinize and scan code, its just not sufficient. If you are going to find moments notice code snippets and have to pull them out at the last minute, its going to cost you.” Heintzman said scanning tools and licensing reviews are helpful, “but education and awareness of the issues is essential.”
Tolliver said that although Palamidas tools dont set policy, they can help ensure that best practices are being observed.
“We can help our customers ensure that whatever they set into place is happening,” Tolliver said. “We are not a policy, we are not a law firm, we are a technology company that says heres what in there, here is the code, and here are the licenses.”
Both Tolliver and Friday said they had personal experience where a tool like IP Amplifier would have come in handy.
Tolliver said when he was president and general manager of Suns iPlanet division, “We wound up with millions of lines of code from Netscape and we had to find out what was in there. So we had a team of lawyers and developers looking into it, and it was a huge effort.”
Friday said in a prior position her team “found a piece of open-source code in the kernel of our product that would have cost us an OEM deal with a big partner—it took us six months to fix it.”
In addition to enforcing corporate or organizational license policies, Palamida IP Amplifier enables on-demand or scheduled IP audits of a companys code base, provides license text, external component publisher and contact information, scans either binary or source code, and catalogs internally written versus third-party components, company officials said.