RealTime IT News

Source Vulnerability Checking From Palamida

Palamida today announced it is extending is software compliance technology to include source code vulnerability reporting as well. The new service, Vulnerability Reporting Solution (VRS), identifies, prioritizes and spotlights known vulnerabilities in source code being used within an enterprise.

Palamida's main product is IP Amplifier, an audit compliance solution that examines all of the open source code being used within an organization to determine what's being used, including the numerous open source licenses available.

Palamida’s library of known source code is enormous. It consists of more than 3 terabytes of content, contains over 140,000 OSS projects, 780,000 versions, seven billion source code snippets, 10 million Java namespaces, 500 million binary file IDs, and Java, C/C++, Perl, Python, PHP, C#, VB signatures among other components.

It also recognizes more than 100 different open source licenses, such as GPL, Apache 2.0, Mozilla public license, Sun's CDDL and Eclipse, according to Mark Tolliver, CEO of Palamida.

Keeping all of this straight is not easy, which is where IP Amplifier comes in. "As open source has exploded on the scene, people realized they are using a ton of different pieces of open source code, and they are saying we'd better find out what we're using and make sure we have permission to use it," Tolliver told internetnews.com.

Beyond the licenses, there's also the issue of keeping up with vulnerabilities found in the code. VRS will check the code in an enterprise or organization to see if any vulnerabilities have been reported. It examines code at both the source and compiled, binary levels.

By examining the code, VRS checks against a database of known vulnerabilities in its massive code database. If there are issues with a version of code in the customer's collection, a remedy is suggested, such as a newer version of the code from the original developer. Or, if a fix isn't available, developers can make their own modifications. Either way, developers are told what code in the correction needs to be fixed

Ron Park, vice president of engineering for MuleSource, a developer of open source middleware, said the error reporting has proven invaluable.

"From our perspective, we provide over 30 different connectors and transports to other software components. Typically, these components are produced by other vendors, open and closed source. This enabled us to identify security vulnerabilities not only in our code but to extend security checks to the 30+ transports and connectors as well," he said.

IP Amplifier with Vulnerability Reporting Solution is available now from Palamida. Contact the company for pricing information.