Managing Risk

Palamida recently announced an important new focus area: security. Most corporations use open source software, and Palamida helps its clients determine whether they are in compliance with open source licenses. Now, Palamida also determines whether its customers are vulnerable to over 400 open source security issues, 148 of which are defined as High-Severity Common Vulnerabilities and Exposures. (These range from cross-site scripting and buffer overflows to SQL injections.) As Mark Tolliver, CEO of Palamida, put it, "Open source is inherently no more risky than commercial software. The majority of open source projects provide a patched version to any issue within hours of discovery. Users of open source, however, need a way to quickly and accurately verify what components they are using and associate them with known vulnerabilities so they can retrieve updated versions. Without a mechanism in place to perform this function, organizations put themselves at risk for introducing security vulnerabilities into their code base." Here's a link to Palamida's press release on the subject.