
    Palamida Launches Code Vulnerability Reporting Tool

    By Chris Preimesberger - April 27, 2007

      SAN FRANCISCO—Software intellectual-property management services provider Palamida on April 27 introduced a new service that works to identify vulnerabilities in an enterprise's open-source code.

      The announcement was made at the annual Gartner Symposium/ITxpo: Emerging Trends at the Moscone Center here.

      Palamida's Vulnerability Reporting Solution works as a plug-in to the company's code audit compliance solution, IP Amplifier, to “identify, prioritize and spotlight the location of known vulnerabilities” in open-source code, a Palamida spokesperson said.

      Palamida's library contains more than 3 terabytes worth of content, including 140,000 OSS (open-source software) projects, 780,000 additional versions, 7 billion source code snippets, 10 million Java namespaces, 500 million binary file IDs, and Java, C/C++, Perl, Python, PHP, C# and VB signatures, the spokesperson said.

      The VRS uses data from the National Vulnerability Database, a comprehensive cyber-security database sponsored by the Department of Homeland Security and run by the National Institute of Standards and Technology and MITRE.

      The National Vulnerability Database integrates all publicly available U.S. government vulnerability resources and provides references to industry resources for the purpose of assisting with remediation efforts. It currently contains over 23,700 known vulnerabilities, 89 US-CERT issued alerts and 1,900 US-CERT vulnerability notes, and has a publication rate of approximately 18 new vulnerabilities per day.

      Readily available code resources, the increase of geographically distributed development teams and ever-increasing time-to-market pressures have resulted in the blending of homegrown, third-party and open-source components, the spokesperson said.

      The sheer size of a code base coupled with the number of contributing developers makes it difficult for companies to get an accurate assessment of their software assets.

      “Successful IT Governance requires risk mitigation at the code level. Customers should be utilizing vulnerability analysis solutions to identify and remediate application risks,” Palamida CEO Mark Tolliver said. “The VRS works together with vulnerability analysis solutions to bridge the gap between proprietary code analysis and complete code analysis.”

      Most companies operate without any knowledge of exactly what their software is made of and whether or not it contains security risks. The root cause of many application security vulnerabilities resides in the code base—an area that traditional security software cannot protect, Tolliver said.

      Existing vulnerability analysis solutions scan customers' proprietary code to identify potential vulnerability holes such as buffer overrides and network and intrusion detection gaps. They also highlight violations in secure coding practices.

      The VRS, on the other hand, augments the IT governance process by scanning the customer's code base and pinpointing the existence of open-source content, highlighting any known vulnerabilities and delivering a prioritized report to assist with remediation efforts, the spokesperson said.

      Michael Cote, an analyst with RedMonk, told eWEEK that the important thing in this release is that it builds on the code auditing that's already in the Palamida platform.

      “It's true that there are a handful of vendors that work in the same space, but Palamida is approaching the sector in their own way technologically: building up the database of open-source projects, and then layering on more software auditing and health checks,” Cote said.

      “What I like about the code auditing and code-health approach that companies in this problem space do is that it lets developers work at the fast pace they'd like to without being slowed down by manual auditing processes,” Cote said. “Adding in things like vulnerability checking adds more value to these platforms in that the platform is further automating previously manual processes.”

      San Francisco-based Palamida and Black Duck Software, headquartered in Waltham, Mass., are the primary companies working in this space today, although other entrants are likely to emerge, Forrester Senior Analyst Michael Goulde told eWEEK.

      “Their products and services address two of the leading concerns many companies have about software in general, not just open-source software: security and intellectual property rights,” Goulde said.

      The two companies have taken somewhat different directions in terms of the markets they address and their go-to-market approaches, Goulde said.

      “What they're doing is more than code searching,” Goulde said. “They need to identify and flag specific issues by using a wealth of data they've collected from a variety of sources. It isn't good enough to know that a particular piece of code is being used, because in one context that can be perfectly OK and in another, there can be serious licensing or IP issues. So putting all the pieces together to present a complete picture is what both companies are trying to do for their customers.”
